#FactCheck - Viral Clip and Newspaper Article Claiming 18% GST on 'Good Morning' Messages Debunked

Introduction

With the rise of AI deepfakes and manipulated media, it has become difficult for the average internet user to know what they can trust online. Synthetic media can have serious consequences, from virally spreading election disinformation or medical misinformation to serious consequences like revenge porn and financial fraud. Recently, a Pune man lost ₹43 lakh when he invested money based on a deepfake video of Infosys founder Narayana Murthy. In another case, that of Babydoll Archi, a woman from Assam had her likeness deepfaked by an ex-boyfriend to create revenge porn.

Image or video manipulation used to leave observable traces. Online sources may advise examining the edges of objects in the image, checking for inconsistent patterns, lighting differences, observing the lip movements of the speaker in a video or counting the number of fingers on a person’s hand. Unfortunately, as the technology improves, such folk advice might not always help users identify synthetic and manipulated media.

‍

The Coalition for Content Provenance and Authenticity (C2PA)

‍

One interesting project in the area of trust-building under these circumstances has been the Coalition for Content Provenance and Authenticity (C2PA). Started in 2019 by Adobe and Microsoft, C2PA is a collaboration between major players in AI, social media, journalism, and photography, among others. It set out to create a standard for publishers of digital media to prove the authenticity of digital media and track changes as they occur.

When photos and videos are captured, they generally store metadata like the date and time of capture, the location, the device it was taken on, etc. C2PA developed a standard for sharing and checking the validity of this metadata, and adding additional layers of metadata whenever a new user makes any edits. This creates a digital record of any and all changes made. Additionally, the original media is bundled with this metadata. This makes it easy to verify the source of the image and check if the edits change the meaning or impact of the media. This standard allows different validation software, content publishers and content creation tools to be interoperable in terms of maintaining and displaying proof of authenticity.

‍

‍

‍

The standard is intended to be used on an opt-in basis and can be likened to a nutrition label for digital media. Importantly, it does not limit the creativity of fledgling photo editors or generative AI enthusiasts; it simply provides consumers with more information about the media they come across.

‍

Could C2PA be Useful in an Indian Context?

‍

The World Economic Forum’s Global Risk Report 2024, identifies India as a significant hotspot for misinformation. The recent AI Regulation report by MeitY indicates an interest in tools for watermarking AI-based synthetic content for ease of detecting and tracking harmful outcomes. Perhaps C2PA can be useful in this regard as it takes a holistic approach to tracking media manipulation, even in cases where AI is not the medium.

Currently, 26 India-based organisations like the Times of India or Truefy AI have signed up to the Content Authenticity Initiative (CAI), a community that contributes to the development and adoption of tools and standards like C2PA. However, people are increasingly using social media sites like WhatsApp and Instagram as sources of information, both of which are owned by Meta and have not yet implemented the standard in their products.

India also has low digital literacy rates and low resistance to misinformation. Part of the challenge would be showing people how to read this nutrition label, to empower people to make better decisions online. As such, C2PA is just one part of an online trust-building strategy. It is crucial that education around digital literacy and policy around organisational adoption of the standard are also part of the strategy.

The standard is also not foolproof. Current iterations may still struggle when presented with screenshots of digital media and other non-technical digital manipulation. Linking media to their creator may also put journalists and whistleblowers at risk. Actual use in context will show us more about how to improve future versions of digital provenance tools, though these improvements are not guarantees of a safer internet.

The largest advantage of C2PA adoption would be the democratisation of fact-checking infrastructure. Since media is shared at a significantly faster rate than it can be verified by professionals, putting the verification tools in the hands of people makes the process a lot more scalable. It empowers citizen journalists and leaves a public trail for any media consumer to look into.

‍

Conclusion

‍

From basic colour filters to make a scene more engaging, to removing a crowd from a social media post, to editing together videos of a politician to make it sound like they are singing a song, we are so accustomed to seeing the media we consume be altered in some way. The C2PA is just one way to bring transparency to how media is altered. It is not a one-stop solution, but it is a viable starting point for creating a fairer and democratic internet and increasing trust online. While there are risks to its adoption, it is promising to see that organisations across different sectors are collaborating on this project to be more transparent about the media we consume.

References

‍

• https://c2pa.org/
• https://contentauthenticity.org/
• https://indianexpress.com/article/technology/tech-news-technology/kate-middleton-9-signs-edited-photo-9211799/  
• https://photography.tutsplus.com/articles/fakes-frauds-and-forgeries-how-to-detect-image-manipulation--cms-22230
• https://www.media.mit.edu/projects/detect-fakes/overview/
• https://www.youtube.com/watch?v=qO0WvudbO04&pp=0gcJCbAJAYcqIYzv
• https://www3.weforum.org/docs/WEF_The_Global_Risks_Report_2024.pdf
• https://indianexpress.com/article/technology/tech-news-technology/ai-law-may-not-prescribe-penal-consequences-for-violations-9457780/
• https://thesecretariat.in/article/meity-s-ai-regulation-report-ambitious-but-no-concrete-solutions
• https://www.ndtv.com/lifestyle/assam-what-babydoll-archi-viral-fame-says-about-india-porn-problem-8878689
• https://www.meity.gov.in/static/uploads/2024/02/9f6e99572739a3024c9cdaec53a0a0ef.pdf

‍

Executive Summary:

In the recent advisory the Indian Computer Emergency Response Team (CERT-In) has released a high severity warning in the older versions of the software across Apple devices. This high severity rating is because of the multiple vulnerabilities reported in Apple products which could allow the attacker to unfold the sensitive information, and execute arbitrary code on the targeted system. This warning is extremely useful to remind of the necessity to have the software up to date to prevent threats of a cybernature. It is important to update the software to the latest versions and cyber hygiene practices.

Devices Affected:

CERT-In advisory highlights significant risks associated with outdated software on the following Apple devices:

• iPhones and iPads: iOS versions that are below 18 and the 17.7 release.
• Mac Computers: All macOS builds before 14.7 (20G71), 13.7 (20H34), and  earlier 20.2 for Sonoma, Ventura, Sequoia, respectively.
• Apple Watches: watchOS versions prior to 11
• Apple TVs: tvOS versions prior to 18
• Safari Browsers: versions prior to 18
• Xcode: versions prior to 16
• visionOS: versions prior to 2

Details of the Vulnerabilities:

The vulnerabilities discovered in these Apple products could potentially allow attackers to perform the following malicious activities:

1. Access sensitive information: The attackers could easily access the sensitive information stored in other parts of the violated gadgets.
2. Execute arbitrary code: The web page could be compromised with malcode and run on the targeted system which in the worst scenario would give the intruder full Administrator privileges on the device.
3. Bypass security restrictions: Measures agreed to safeguard the device and information contained on it may be easily bypassed and the system left open to more proliferation.
4. Cause denial-of-service (DoS) attacks: The vulnerabilities could be used to cause the targeted device or service to be unavailable to the rightful users.
5. Perform spoofing attacks: There could be a situation where the attackers created fake entities or users or accounts to have a way into important information or do other unauthorized activities.
6. Elevate privileges: It is also stated that weaknesses might be exploited to authorize the attacker a higher level of privileges in the system they are targets.
7. Engage in cross-site scripting (XSS) attacks: Some of them make the associated Web applications/sites prone to XSS attacks by injecting hostile scripts into Web page code.

‍

Vulnerabilities:

CVE-2023-42824

• Attack vector could allow a local attacker to elevate their privileges and potentially execute arbitrary code.

Affected System

• Apple's iOS and iPadOS software

CVE-2023-42916

• To improve the out of bounds read it was mitigated with improved input validation which was resolved later.

Affected System

• Safari, iOS, iPadOS, macOS, and Apple Watch Series 4 and later devices running watchOS 10.2

CVE-2023-42917

• leads to arbitrary code execution, and there have been reports of it being exploited in earlier versions of iOS.

Affected System

• Apple's Safari browser, iOS, iPadOS, and macOS Sonoma systems

Recommended Actions for Users:

To mitigate these risks, that users take immediate action:

• Update Software: Ensure all your devices are on the most current version of the operating systems they use. Repetitive updates have important security updates that fix identified weaknesses or flaws within the system.
• Monitor Device Activity: Stay vigilant if something doesn’t seem right; if your gadgets are accessed by someone who isn’t you.
• Always use strong, distinct passwords and use two-factor authentication.
• Install and update the antivirus and Firewall softwares.
• Avoid downloading any applications or clicking   link from unknown sources 

Conclusion:

The advisory from CERT-In, clearly demonstrates the fundamental need of keeping the software on all Apple devices up to date. Consumers need to act right away to patch their devices and apply best security measures like using multiple factors for login and system scanning.  This advisory has come out when Apple has just released new products into the market such as the iPhone 16 series in India. When consumers embrace new technologies it is important for them to observe relevant measures of security precautions. Maintaining good cyber hygiene is a critical process for the protection against new threats.

Reference:

• https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES02&VLCODE=CIAD-2023-0043
• https://www.cve.org/CVERecord?id=CVE-2023-42916
• https://www.cve.org/CVERecord?id=CVE-2023-42917
• https://www.bizzbuzz.news/technology/gadjets/cert-in-issues-advisory-on-vulnerabilities-affecting-iphones-ipads-and-macs-1337253#google_vignette
• https://www.wionews.com/videos/india-warns-apple-users-of-high-severity-security-risks-in-older-software-761396

‍

‍

Introduction

‍

युद्धे सूर्यास्ते युध्यन्तः समाप्तयन्ति, In ancient times, after the day’s battle had ended and the sun had set, warriors would lay down their arms and rest, allowing their minds and bodies to recover before facing the next challenge, and giving warriors time to rest and prepare mentally and physically for the next day. Today, as we remain endlessly connected to work through screens and notifications, the Right to Disconnect bill seeks to restore that same rhythm of rest and renewal in the digital age. By giving individuals the space to disconnect, it aims to restores balance, protects psychological health, and acknowledges that human resilience is not limitless, even in a world dominated by technology.

The Right to Disconnect Bill, 2025, was recently introduced in the lower house of Parliament during the winter session, which began on 1st December 2025, as a private member’s bill by Ms. Supriya Sule, Lok Sabha MP.

‍

Understanding the Psychology Behind the Proposed Right to disconnect Bill

‍

The purpose of this law is based on neuroscience for humans. When workers are always in a state of being "always on", the situation of their bodies gets to the chronic stress response state where they are getting overwhelmed with cortisol, which is the main human stress hormone. The constant vigilance that the body and mind are under forces the nervous system into always being in a state of sympathetic activation, while depriving it of the restorative (parasympathetic) states that are necessary for genuine recovery. Neuroscience studies show that 96% of heavy users of technology suffer from anxiety and lack of sleep due to technology. This phenomenon is known medically as "bytemares." The brain tries to attend to several things at once, and this way its cognitive capacity becomes thinner, so there is a reduction in focus, productivity is decreased, and the stress level is increased considerably.

Increasingly, the mental suffering that people get through is not only the physical and psychological aspects of it. The digital fatigue generated by the "always-on culture" getting chronic takes its toll on the emotional capacity of the staff, interrupts their sleep cycles (particularly depriving them of REM sleep), and leads to lower melatonin secretion.

Employees in such environments have a 23% increased chance of suffering from burnout, which the World Health Organisation defines as an occupational syndrome consisting of emotional exhaustion, depersonalization, and downgrading of performance. Mental health is the silent destruction that goes on without anyone noticing; the individuals who are affected show productive performance while their neuroendocrine systems are dying little by little.

Hence, the intent of the Indian legislature is clear, which is to prioritize the human dimension, allowing employees, the warriors of the digital age, to pause and recover, fostering work‑life balance without compromising commitment or productivity, and reflecting a thoughtful, humane approach in the modern technology driven world. 

The proposed Right to Disconnect Bill takes position as a law that can greatly help with the mental health of employees and therefore keep them healthy. The bill allows employees to legally disconnect from electronic communication related to their jobs outside of the working hours set by the employer; this way, it recognises more or less that the human brain was never meant to be always connected.

‍

The Need for Digital Detox from a Scientific Perspective

‍

Digital detoxification is the process through which the brain resets its dopamine receptors, hence stopping the process of instant gratification that is constantly reinforced through notifications. The employees who cut off their connection can focus better, remain emotionally stable, and lead healthier lives, the effect of which is measurable. Not only on single persons, but also the World Health Organisation, through its studies, has declared that mental health interventions in workplaces can yield a return of 4:1 on investment through increased productivity and decline in absenteeism.

‍

Digital Detox: Structured Disconnection, Not Digital Rejection

‍

One of the most important aspects of the proposed bill is the acknowledgment of digital detox as a supportive tool. However, it is very important to note that digital detox does not mean completely cutting off technology. It is the rule-based disengagement that brings back cognitive balance. Measures like limiting notifications after work hours, protecting weekends and holidays from routine communication and creating offline time zones facilitate the brain's resetting process. Psychological studies associate such practices with better concentration, emotional control, sleep quality and finally productivity in the long run. The initiative of having digital detox centres and offering counselling services is an indication that the issue of overexposure is not just a matter of personal lack of discipline, but rather a problem of modern working designs.

‍

Positioning Mental Well-Being as Core 

‍

The fundamental aspect of the bill is based on the constitutional assurance provided by Article 21 (Constitution of India), the Right to Life and personal Liberty, which has been interpreted by the courts to cover health of mind and body as well as time for leisure. This law reform grants a right to not be available at work, which means that employers will not be able to require constant availability at work without suffering legal consequences. The Right to Disconnect Bill finally illustrates society's unanimity that, amidst our digital age, mental well-being protection is no more a nice-to-have it is a must-have. The bill permits the guarding of the recovery periods, and at the same time, it recognises that the productivity that is sustainable comes from employees who are rested and mentally healthy, not from the constantly depleted workforce in the digital chains.

‍

The psychological Rationale

‍

Psychological analysis indicates that this always-on condition impacts productivity in measurable ways. The human brain may get overloaded to distinguish between important and unimportant information due to the uninterrupted flow of alerts and communications. The whole process leads to a situation, continuous exposure to alerts diminishes the ability to notice the really important events thus allowing the critical ones to go unnoticed. Burnout results as a natural consequence. Research shows that the psychological state resulting from digital overstimulation is anxiety, sleep problems, tiredness, and inability to focus. 

‍

Work Culture in the Cybersecurity Realm and Analysis of the Right to Disconnect

‍

Although every sector today demands high productivity and significant commitment from its workforce, the Cybersecurity professionals, IT engineers, SOC analysts, incident responders, cyberseucrity researchers, cyber lawyers and digital operations teams are often engage in 24x7 loop because they deal with uniquely critical responsibilities, if ignored or delayed, can compromise sensitive systems, data integrity, and national security. 

It is notable that the flow of activities has been silently but significantly changing the paradigm. Availability has replaced accountability, and often responsiveness is regarded as performance. The “on duty” and “off duty” line blurs when a client escalation or a suspected breach alert calls the phone at midnight. This way, an unspoken rule develops that the worker has to be reachable irrespective of the time as being reachable has become part of the job.

In India, the 48-hour work week that is already among the world's most demanding has been made even more intense by digital connectivity. The work intensity of remote and hybrid models has further crossed spatial and temporal boundaries producing a psychologically endless workday. Hence, the cyber workforce lives in a constant state of low-grade alertness, i.e., never fully sleeping, never fully offline. For professionals working in cyber security, this issue of wellbeing is not just a personal issue but also a business issue. Mental fatigue may lead to poor decision making, slower response time in case of incidents, and more errors being made unintentionally  by people.

Hence comes the relevance of the proposed Right to Disconnect bill, Implementing it in the cybersecurity realm may require employers to plan for additional task forces so that productivity remains unaffected, while ensuring that employees receive the rest and balance they need. This approach not only protects mental well‑being but also creates opportunities for new roles, distributes workloads fairly, and strengthens the overall resilience and efficiency of the organization.

‍

Legislature Intent - The Right to Disconnect as a preventive control

‍

In this scenario, the Right to Disconnect Bill, 2025, which was presented in the Lok Sabha as a private member's bill, can be seen as a precautionary measure in the digital risk ecosystem instead of merely as a employee welfare initiative. It intends to create legally enforceable lines of demarcation between the demands of a job and one's personal life. The bill provisions, like the right not to answer work calls and texts after office hours, protection from being fired, pay for overtime, and agreed-upon emergency protocols, are all tools to set new norms rather than to impose restrictions on the output. 

This can be seen as security logic that has been established in the cyber governance sphere. Even the best systems require planned downtimes for patching, upgrading, and recovery. Humans cannot be treated differently. Loss of operation without recovery will only increase the likelihood of failure. The Right to Disconnect works as a human-layer security, which reduces the risk of incidents caused by fatigue and burnout among employees.

‍

The Legislative Recognition of Human Needs

‍

The Right to Disconnect Bill is a landmark change of thinking, moving from the perception of disconnection as unprofessional to the acknowledgement of it as a basic requirement for human dignity and health. The Indian legislation, which was passed through a private member's bill, clearly defines the limits of professional and personal time. By providing the employees with the legal right to disconnect, the bill affirms what psychological science has been telling us for a long time: people need real breaks to be at their best.

‍

Conclusion

‍

The Proposed Right to Disconnect Bill, 2025, is a progressive move in law, which, among others confirms that a digital world, constant connectivity may undermines both individual health and company/orgnisation’s buisness continuity. A balanced approach is essential, with clearly agreed-upon emergency norms to guide situations where employees may need to work extra hours in a reasonable and lawful manner. It recognises that people are the backbone of the digital ecosystem and need time off to work effectively and securely. In a connected economy, protecting mental bandwidth is as crucial as protecting technical networks, making the Right to Disconnect a key element of sustainable resilience. 

From a cybersecurity perspective, no secure digital future can emerge from exhausted minds. A strong digital and cyber‑India will have laws like the Right to Disconnect Bill, signaling a shift in policy thinking. This law moves the burden from individuals having to adapt to always-on technologies onto systems, organisations, and governance structures to respect human limits. By recognising mental well-being as an essential factor of employee’s wellbeing, the bill reinforces that resilient work ecosystems depend not only on robust infrastructure and controls but also on well-rested, focused, and secure individuals.

‍

References

• https://www.shankariasparliament.com/blogs/pdf/right-to-disconnect-bill-2025
• https://ijlr.iledu.in/wp-content/uploads/2025/04/V5I653.pdf
• https://timesofindia.indiatimes.com/education/news/no-calls-and-emails-after-office-hours-right-to-disconnect-bill-introduced-in-lok-sabha-to-set-workplace-boundaries/articleshow/125806984.cms
• https://www.hindustantimes.com/india-news/what-is-right-to-disconnect-bill-introduced-in-lok-sabha-and-can-it-clear-parliament-101765025582585.html

‍