Hija Kamran

In Pakistan, online gendered violence is often framed around visible harms like harassment, blackmail, and the non-consensual sharing of intimate images. But the violence rarely begins with a viral post or a threatening message. Instead, it begins with data, like phone numbers circulated without consent, women coerced into befriending strangers, photographs scraped from social media profiles, identity related information exposed through data breaches, and location data shared through apps – all of this form the foundation of what is now widely recognised as technology-facilitated gender-based violence (TFGBV). These are all the patterns rooted in weak data protection, poor privacy safeguards, and limited accountability for perpetrators of violence and of law enforcement authorities.

The Digital Rights Foundation’s Digital Security  Helpline has consistently documented complaints involving blackmail, non-consensual intimate image sharing, hacking, deepfakes, and breaches of privacy and trust. These cases demonstrate that gendered online violence is enabled by an ecosystem that allows personal data to be extracted and circulated with minimal oversight. Platforms collect and monetise user data at scale, while regulatory frameworks remain fragmented and under-enforced. In this environment, privacy is treated as an afterthought compared to growth and engagement, and survivors are left navigating legal and technical systems that offer little meaningful redress.

The country’s governance landscape further complicates this reality. Debates around data regulation have often prioritised state’s access to information and control over digital spaces rather than centring user rights and protections. Without a robust, rights-based data protection regime and clear accountability obligations for platforms, the burden of safety continues to fall on individuals, particularly women and marginalised communities who navigate digital spaces and civil liberties distinctively differently than others. Additionally, in a country of over 220 million people, rapid digital adoption presents significant commercial opportunities for technology companies, without essential rights-based safeguards, to advance their services and products in exchange for a lucrative business revenue.

Furthermore, with the lack of a data protection law, sensitive data including biometric records, contact information, private media, and real-time location details, all of which is liberally collected by the public and private sectors, moves across digital ecosystems with limited transparency and weak institutional oversight. Civil society organisations and independent researchers have repeatedly raised concerns about recurring data breaches and inadequate safeguards, including reported leaks allegedly linked to national databases and telecom records.

At the same time, research by digital rights groups has documented how women face threats involving the non-consensual sharing of private photos that are facilitated by social media spaces, often through cross-platform sharing features built into social media infrastructure. These features allow personal content to travel rapidly beyond its original context, often without meaningful consent or traceability. In the absence of clear liability standards and robust enforcement mechanisms, both state and corporate actors operate within a framework where accountability for data misuse remains absent, and accessing justice for affected individuals remains difficult.

When biometric identity systems intersect with weak privacy protections and platform data harvesting, the risks for women and marginalised communities deepen. The convergence of national ID databases, telecom registration requirements, and social media profiling means that personal identifiers can be linked and exposed in ways that make individuals more traceable and more vulnerable. As a result, doxxing, impersonation, harassment, and AI-generated intimate content are operationalised as easily as the data is shared across digital networks where rights are only stifled with no legal recourse. For example, Amnesty International has documented how online abuse against women often involves coordinated harassment campaigns that rely on the circulation of personal information and manipulated images.

As a result, the violence weaponises personal data for perpetuating harm as well as boosting engagement-driven ecosystems that profit off the activities that violent content generates.

Generative AI further intensifies these privacy harms. Globally, researchers have documented how AI tools are being used to create deepfake sexual imagery, overwhelmingly targeting women. One study estimates that up to 95% of all deepfakes are non-consensual pornographic images, with around 90% depicting women. In Pakistan, journalists and activists have reported rising concerns about AI-generated intimate images being used to target them as an additional layer to existing methods of violence that they have been facing. The speed, scale, and ease with which such material can now be produced and circulated is closely tied to platform recommendation systems that privilege virality and emotional intensity.

This dynamic emerges as a structural and infrastructural problem of privacy and power. Platforms collect vast amounts of behavioural and personal data to optimise engagement; recommendation algorithms, ranking systems, and monetisation features then amplify content that provokes strong reactions, including outrage and sexualised harm. A 2016 internal Facebook study revealed that the company’s own research found its algorithms “exploit the human brain’s attraction to divisiveness,” and that content eliciting anger received disproportionately higher distribution because it drove engagement. The same disclosures showed that 64% of extremist group joins on Facebook were due to its recommendation tools. These findings demonstrate that algorithmic design choices, instrumentalised to maximise engagement, can systematically amplify polarising and harmful content because it performs well commercially.

Violent, hateful, and misinformed content is widely recognised to generate high levels of engagement because it provokes strong emotional reactions, prompting users to comment, share, or respond. These interactions, while experienced as anger, fear, or outrage by individuals, are processed by platform algorithms as signals of interest. Most engagement-based systems do not distinguish between positive and negative interaction, so each click, share, or reply is treated as an indicator of relevance. As a result, the algorithm is more likely to recommend similar content to the same user and to others within their network, expanding the visibility and impact of material that would otherwise warrant restriction.

Business of hate

The amplification of hate speech and gendered abuse on social media is not an accidental byproduct of scale. It is closely tied to business models that prioritise engagement, growth, and advertising revenue. Most major platforms operate on an attention economy logic, i.e. the longer users stay, react, comment, and share, the more data is generated and the more targeted advertising can be sold. Recommendation systems and algorithmic ranking are especially optimised to surface content that provokes strong emotional responses.

Independent research corroborates this dynamic, as seen in a 2021 study published in Science Advances analysing posts on Facebook containing language aligning with moral outrage, and how they were more likely to be shared and spread widely, reinforcing the platform’s tendency to amplify emotionally charged and polarising speech. Platforms monetise this engagement through targeted advertising, which is fuelled by behavioural data collected from user interactions. As I report in my analysis for the Center for the Study of Organized Hate (CSOH), social media platforms’ revenues are directly linked to user attention and data extraction, creating structural incentives to prioritise engagement over safety.

In South Asia, these structural incentives intersect with fragile political contexts and deeply embedded gender hierarchies. During periods of political tension between India and Pakistan in 2025, it was widely documented how inflammatory content spreads rapidly across platforms, often promoted by recommendation systems that reward virality and emotional intensity. A report by The Guardian highlighted how social media fuelled disinformation during the war between the two countries.

While such campaigns rely on organised actors, their scale and reach depend on algorithmic amplification that privileges content already generating high engagement. In gendered contexts, the same infrastructure facilitates the rapid circulation of non-consensual intimate images and targeted harassment. The UN Special Rapporteur on violence against women has recognised TFGBV as a systemic issue, noting that platform design and algorithmic amplification intensify abuse by increasing visibility and persistence of harmful content.

Monetisation tools further strengthen these dynamics, as features like ad revenue sharing as offered on X, YouTube’s monetisation models, creator funds, and monetised live streams directly and indirectly incentivise sensational or abusive content if it drives traffic and interaction. Although platforms maintain community standards prohibiting hate speech and harassment, enforcement remains uneven, while algorithmic systems continue to prioritise engagement metrics. The Mozilla Foundation has repeatedly highlighted that recommender systems on major platforms like YouTube amplify harmful content because their primary objective is to maximise time spent and clicks, not to safeguard users. So when hateful or misogynistic content generates high engagement, it becomes profitable within this ecosystem, regardless of its social cost, and hence it is not in the financial interest of the company to moderate this content.

This commercial logic complicates the narrative that harmful speech spreads solely because of individual bad actors. Instead, hate speech and gendered abuse are embedded within a technical and economic architecture that lowers the cost of targeting and increases the rewards for virality. Cross-platform sharing tools enable content to travel seamlessly between Facebook, Instagram, WhatsApp, X, and YouTube, multiplying exposure. Algorithmic ranking systems prioritise posts with high interaction rates, creating feedback loops in which outrage begets visibility, which in turn generates more engagement and advertising revenue, and the cycle goes on. In this sense, amplification is structurally aligned with profit incentives. Addressing hate speech and gendered violence online therefore requires scrutiny not only of moderation policies but of the underlying revenue models, algorithmic optimisation strategies, and platforms’ infrastructures that make such content commercially advantageous.

This model of prioritising engagement over safety has become even more prominent with the rise of generative AI tools linked directly into social platforms. A recent troubling example is Grok, the AI chatbot deployed on X. Between late December 2025 and early January 2026, analysis estimated that Grok generated millions of sexualised deepfake images, many of them depicting women in sexualised settings. According to the Centre for Countering Digital Hate (CCDH), Grok produced about 3 million images in a matter of days, with 65% of the sample data appearing to contain sexualised imagery. Users were coaxing the system with prompts that turned ordinary photos of women into images wearing bikinis or lingerie, sometimes with offensive or demeaning edits, which were then shared widely across public timelines and feeds.

These incidents reveal how algorithmic systems don’t merely respond to user behaviour, instead they increase the visibility of certain kinds of abuse because those kinds of posts generate attention that can be monetised directly or indirectly. AI-generated sexual content is precisely the sort of ‘engaging’ material that keeps people interacting with the platform by generating shares, replies, views, and subscriptions tied to premium features and ad impressions. When Grok was criticised for producing this sexualised content, X’s response was not to entirely disable the problematic feature or fundamentally retrain the model, it instead restricted access and in some contexts linked features to paid subscriptions. Users were told that certain generative functions were available only to paying customers, or geoblocked where local laws prohibited them, essentially enforcing a pay-to-play model rather than safety-first design.

The fact that Grok could generate thousands of sexualised images without robust safeguards in place reflects an incentive structure that places profitability and user engagement ahead of harm prevention. Platforms like X have seen major advertisers leave or reduce spending in the past, but still the underlying systems continue to emphasise engagement-first design because more interactions translate into more ad inventory and proof of higher revenues for both the advertisers and the platforms. Algorithms that pull users deeper into networks of sensational or provocative content regardless of whether that content is harassment, deepfakes, harmful, or hateful, function as infrastructure for amplification. These same dynamics apply beyond Grok as psychological triggers like happiness, sadness, anxiety, fear and anger are drivers of engagement, and engagement is the commodity sold to advertisers at scale.

In the context of gendered violence online, this intersection of algorithmic design and commercial incentive is especially concerning. Non-consensual image creation, harassment campaigns, and coordinated abuse become amplified not just by users who intend to harm others, but by platforms whose business models reward the engagement such content generates. As a result, gendered violence and harmful content thrive not because platforms lack rules, but because the architecture and optimisation logic of these systems embeds incentives for visibility, interaction, and retention that are antithetical to safety. Addressing this requires more than reactive moderation of individual posts, and calls for systemic reform of the engagement-driven infrastructure that forms the foundation of modern social media and AI platforms.

By Aleezeh Fatima

When the 2022 floods submerged entire districts in Pakistan, women queued for hours outside temporary registration desks set up under tarpaulin sheets. Many had lost their homes, livestock, and physical documents. At some relief centres, displaced families pressed tightly around registration offices, trying to submit their identity cards and be recorded for aid distribution. One report described how desperate flood victims “pressed against the door” of a registration room where officials were recording families for shelter and assistance.

To receive emergency cash assistance, many were required to provide fingerprints, national identity numbers, and mobile phone verification codes. For some women, it was the first time they had engaged directly with a biometric system.

In that moment, survival required surrender. Access to relief was tied to participation in digital systems that collected fingerprints, identity records, and phone numbers, often without clear explanations of how this data would be stored, shared, or protected. For women who had already lost homes and documentation to the floodwaters, the ability to refuse was virtually nonexistent. Aid depended on compliance, turning personal data into another currency of survival.

Climate disasters have always exposed inequality. They reveal who lives in floodplains, who works informal jobs, and who lacks insurance. Increasingly, they also reveal something less visible but equally consequential: who is absorbed into digital systems without privacy protections.

Across South Asia, humanitarian response has become deeply digitised. Biometric identification, mobile money transfers, SMS registration platforms, and national identity databases now form the backbone of disaster relief. These systems promise transparency and efficiency. Yet for women, especially those with limited digital autonomy, they introduce new and long lasting vulnerabilities.

When the waters recede, the databases remain.

A Region Under Escalating Climate Stress

South Asia is among the most climate exposed regions globally. According to the World Bank, nearly 90 percent of the region’s population is projected to face intense heat exposure by 2030, while more than one in five people will experience severe flood risk.

Flood events are already devastating in scale. The 2020 South Asian floods resulted in at least 6,511 deaths and caused estimated economic losses of 105 billion US dollars. Bangladesh alone has nearly 60 percent of its population living in areas vulnerable to cyclones and flooding.

UNICEF’s Children’s Climate Risk Index places Afghanistan, Pakistan, India, and Bangladesh among countries where children face extremely high climate risk, reflecting broader systemic exposure to climate shocks.

As disasters intensify, displacement becomes cyclical rather than exceptional. And displacement increasingly triggers digital registration.

The Digitisation of Survival

Over the past decade, humanitarian actors have adopted digital tools to streamline aid distribution and reduce corruption. These include biometric verification systems, national ID linked databases, geotagged beneficiary lists, and mobile money transfers.

A 2017 report by Privacy International documents the use of biometric data in cash transfer programmes across at least fifteen countries, including Pakistan, Afghanistan, and India. Biometrics are often framed as fraud prevention tools. Yet they also expand the collection of highly sensitive personal data in crisis settings.

In Bangladesh, research on biometric big data has warned that weak legal protections and insufficient oversight create risks of data misuse and unauthorised sharing. In contexts where comprehensive data protection frameworks are absent or weakly enforced, emergency data collection can quietly become permanent infrastructure.

The logic is administrative efficiency. The reality is expanding data capture at moments when consent is structurally compromised.

Gendered Digital Inequality

Digital systems do not operate in gender neutral environments. South Asia faces one of the widest gender gaps in digital access globally.

UN Women’s Asia Pacific research identifies Afghanistan, Pakistan, and Bangladesh among countries with significant disparities in women’s access to digital technologies. In many rural communities:

• Women are less likely to own personal mobile phones
  • SIM cards are registered in male relatives’ names
  • Devices are shared within households
  • Digital literacy gaps persist

When disaster relief requires one time passwords sent via SMS, biometric authentication, or online form submissions, women may depend on male intermediaries to complete registration. That dependence undermines both financial autonomy and data control.

Consent in emergencies is rarely meaningful. A woman who must choose between food assistance and data surrender is not exercising free choice.

Bangladesh: Environmental and Digital Exposure

Bangladesh’s climate vulnerability is increasingly intersecting with digital governance systems. The country experiences frequent cyclones and floods that displace millions and trigger large-scale humanitarian responses. When Cyclone Amphan struck in 2020, an estimated 10 million people were affected and about 500,000 families lost homes or shelters. Relief efforts involved large beneficiary lists and emergency cash assistance programmes targeting thousands of households.

In several relief initiatives, beneficiaries were required to provide phone numbers linked to mobile financial service accounts so that cash transfers could be processed. This growing reliance on digital registration systems means that climate disasters often lead to rapid and large-scale collection of personal data.

For women, exposure of personal phone numbers or identity details can lead to harassment, social stigma, or exploitation. In patriarchal settings, privacy is not only an individual concern but a communal one.

India: Aadhaar and Biometric Governance at Scale

India’s Aadhaar programme is the world’s largest biometric identity system, covering more than 1.3 billion residents.⁹ The system is widely integrated into government welfare programmes and Direct Benefit Transfer schemes used to deliver financial assistance to citizens.

During climate disasters, Aadhaar frequently becomes part of the relief infrastructure. In flood-affected states such as Andhra Pradesh, authorities have used Aadhaar data to identify beneficiaries and verify bank accounts before distributing compensation. In one flood relief programme, enumeration teams collected Aadhaar details to validate beneficiary identities before transferring compensation funds to affected households.

Aadhaar systems have also been mobilised in disaster recovery efforts when people lose identity documents. After the devastating 2018 Kerala floods, government agencies were instructed to provide free digital copies of Aadhaar to flood victims in relief camps using biometric authentication so they could regain access to services and assistance.

These examples illustrate how biometric identity systems become embedded in disaster response. When identity verification is required to receive compensation or replace lost documents, biometric authentication can effectively become a gateway to recovery. At the same time, the scale of Aadhaar introduces systemic risks. When such vast identity infrastructures underpin emergency aid systems, even minor vulnerabilities or data leaks can affect millions of people.

Afghanistan: Data in Fragile Governance Contexts

Afghanistan presents a different but equally concerning scenario. Researchers and human rights organisations have warned that digital identity and biometric systems deployed in fragile governance contexts may expose sensitive data to authorities or armed actors without adequate oversight.

These concerns intensified after the Taliban takeover in 2021. Over the previous two decades, international forces and Afghan authorities had collected biometric data from millions of Afghans through systems such as the Afghan Automated Biometric Identification System and the US military’s biometric database used for security and identity verification. According to reporting by MIT Technology Review, these databases included fingerprints, iris scans, and biographical information collected during military operations and administrative processes.

When governments change or institutions collapse, such datasets do not automatically disappear. Humanitarian and security databases may persist on servers, devices, or shared platforms long after the programmes that created them have ended. Experts warned that biometric records collected during the war could potentially be accessed or repurposed by new authorities, placing individuals whose identities were recorded at risk.

For women who are displaced, widowed, or undocumented, the risks can be particularly acute. Many may have limited understanding of how their biometric or identity data is stored or shared once it is collected during registration processes. In fragile political environments, digital records can outlast the institutions that created them, raising long-term questions about control, access, and accountability.

The Humanitarian Privacy Gap

Humanitarian organisations increasingly recognise the need for data responsibility, yet implementation remains uneven. The Humanitarian Practice Network has highlighted growing concerns about safeguarding digital data in humanitarian initiatives, including blockchain based systems.

Even anonymised datasets can sometimes be re-identified when combined with other information, a phenomenon known as the mosaic effect.¹³ In data rich environments, aggregation does not guarantee anonymity.

Emergency data collection often prioritises speed and coverage over privacy impact assessments. Gender sensitive safeguards are rarely embedded at the design stage.

Digital Aid and Structural Inequality

Digital cash transfers are often presented as empowering for women by providing direct access to funds. Evidence shows that digital financial inclusion can enhance autonomy under the right conditions. However, outcomes depend on control.

If a woman does not control the phone linked to her account, she does not control the funds. If biometric records are stored without clear deletion timelines, she cannot control future access. If informal volunteer spreadsheets circulate her phone number, she may face harassment.

Climate disasters amplify dependence. Digital infrastructures can either reduce inequality or reproduce it.

Climate Justice as Digital Justice

Climate governance is becoming inseparable from digital governance. Early warning systems rely on mobile networks. Compensation depends on identity databases. Adaptation planning uses satellite and AI driven mapping.

This digital layer is not neutral. It reflects existing power hierarchies.

A rights based climate resilience framework must therefore include:

• Enforceable data protection legislation
  • Independent oversight bodies with gender expertise
  • Data minimisation principles in emergency settings
  • Clear deletion and retention timelines for biometric data
  • Transparent vendor contracts in humanitarian tech procurement
  • Offline access pathways for women without secure digital control

Climate justice cannot be achieved if adaptation mechanisms expose women to long term surveillance or exploitation.

A Policy Imperative for the Climate Era

The climate crisis is accelerating the datafication of survival. As disasters become more frequent, digital registration systems will expand. Without robust safeguards, emergency infrastructures risk normalising intrusive data practices.

Governments in South Asia are simultaneously expanding digital ID systems, experimenting with AI driven governance tools, and strengthening disaster response platforms. These trajectories are converging.

Policymakers must recognise that privacy is not a secondary technical issue. It is foundational to dignity, autonomy, and security. In contexts where women already face structural discrimination, digital exposure can translate into economic coercion, social control, or targeted harassment.

Climate resilience planning must integrate privacy impact assessments into disaster preparedness frameworks. Gender audits of digital aid systems should be mandatory. International climate finance should allocate resources specifically for data protection capacity building in vulnerable states.

Resilience is not only about rebuilding infrastructure. It is about ensuring that systems designed to save lives do not quietly compromise rights.

When the floodwaters recede, homes can be reconstructed. Fields can be replanted. Roads can be rebuilt.

But once biometric data is captured, once identity systems are linked, once personal details circulate beyond control, recovery is far more complex.

In a warming world, the true test of resilience will not only be how well societies withstand the next storm. It will be whether they can protect the rights of those most vulnerable while doing so.

Maheen Azmat

There is a specific, hollow exhaustion that all of us have experienced at some point in our lives (or rock bottom, as it’s usually called), sparked by a kind of loss or grief that sends your thumb recoiling into the interface of one of the apps, or worse, into an AI chatbot. This instinct seeks some form of desperate reassurance that the knot of anxiety in your chest isn’t uniquely terrible, a personal failing or worse, like stepping into a world anew where your pain is somehow the most unprecedented thing in the world. The algorithm, of course, has adapted to the fact of this vulnerability. It knows you want to feel less alone, even as it covertly and ironically creates newer versions of this alienation–from the self and from your larger community. And it has learned to feed this longing for connection back in the form of curated fragments—infinite scroll formats, regurgitated tweets and pastel-colored infographics.

Once you’re successfully hooked on these little fragments (thanks to doomscrolling), the algorithm also nudges you into being a bit of a content creator yourself, even if you’re not an “influencer” in the conventional sense of the word. Slowly but surely, you find yourself absurdly inserted into a scene from a digital funhouse that arranges your life’s experiences for you by making self performance a necessary condition of your “offline” life as well. You become a performer in a theater of mutual surveillance, playing to an audience that is invisible but omnipresent, with a frontstage that bleeds into your daily life. Alone or not, this means that your grief, pain and insecurities are no longer private and complex; they’re communal projects or props used in an ongoing audition for belonging, and validation, from people who have very little bearing on your day-to-day life. If everyone’s posting cute pictures of cafe decor, how are you distinguishing yourself? And why should anyone pay attention to you? Under the weight of these questions, the audience never leaves and eventually, the performance, the audience and the self, all end up collapsing into one another. As Jia Tolentino would contend, the show never really stops because there is no backstage to retreat into; just the idea that it exists somewhere, out there, far away from you.

This performance is continuous, and it has to be, more so now than ever before, because the stakes around “staying relevant” are invariably higher now. Gradually, performing has become a way to ensure that you’re not written out of the script entirely. The message is simply that for you, your life or your pain to matter, it must be laid bare and turned into a spectacle. Not posting is only a choice on paper, because it comes with the acknowledgement that you will be forgotten or deprioritized–a verdict that feels even more existential and damning in a social landscape marked by disconnection. This deprioritization is a risk that the algorithm also interweaves strategically through the use of discovery or engagement systems that immediately fade you into the background to punish your lack of platform presence and participation. On a personal level, this imposed sense of being nothing is also internalized as an exaggerated threat to your social and personal life. The algorithm, under this inverted logic, stands for the larger audience or public whose favor you must earn consistently in order to belong somewhere.

In the early years since its inception, the internet looked a little different, and even promised to be a place of endless possibility. Its more expansive claim was that it opened up worlds that had not existed before, offering a global experience that would enrich our personal and cultural horizons. This fact now coexists uncomfortably with the demands of the digital attention economy, which has quickly turned the experience of being a person who is online (in any capacity), into something much more dangerous. This relentless desire to see and be seen (since one can’t exist without the other) is something that has etched itself into the very architecture of our digital lives. In turn, this hypervisibility is tracked, categorized, and configured into a system of continuous surveillance where your information generates revenue. So, even as the intimacy of loss expands outward and we are folded into the internet’s promise of connection and universality, eventually, our deeply personal life experiences become data points in a vast web of networked captivity.

For a lot of women, however, the internet has offered new imaginaries and ways to inhabit spaces in a way that they can’t in their personal lives. It's provided a vocabulary for validating the mental and emotional toll that, across generations, was often dismissed as “hysteria.” For many, this has been a reckoning of sorts, a moment for experiencing a kind of shared relief that is inaccessible otherwise. However, the internet also knows this, and it has co-opted this in a variety of different forms, levying a hidden tax in exchange for this sense of liberation. This is also why you often end up encountering think-pieces and tweets that tell you that naming your struggles is indeed resistance, and that self-diagnosis is you finally taking ownership of a narrative that might otherwise not find space anywhere else. In this context, sharing is brave, private pain is public testimony, and all of this–the messiness of our emotional lives–is something that you can offer up at the altar of the internet in the hopes that someone else will make sense of it, and recognize themselves in it. Most of all, the hope is in mutual redemption.

On the surface, this sounds like a viable alternative for navigating a world that is increasingly fractured by a lack of community. If we look deeper, though, we find examples like BetterHelp. This is a mental health app used by over 7 million people that was recently fined $7.8 million by the FTC for sharing users’ depression symptoms, anxiety levels and therapy intake questionnaires with Facebook and Snapchat for advertising purposes. The context of whatever you share online, therefore, is exactly what the algorithm is meant to dehumanize and strip away, until it assumes the form of measurable and quantifiable data units.

The asymmetry is built into the fact that this predatory and deliberately confusing design maintains the illusion of a healthy, two-way exchange between two people, situated in or across two different corners of the world. In that sense, your information, to you, is an earnest expression of your vulnerability, and you're encouraged to see it as an exercise in radical transparency also. Your “consent,” on the other hand, is often acquired through opaque methods, including endless unreadable terms of service that few take time to read, or cookies (tiny trackers that record your information). The algorithm relies on this inattention, drawing up a detailed map of your behavior and emotions, and trading your privacy for fleeting rewards that keep you engaged. Meanwhile, an insidious third–party corporation benefits from this by repurposing that same information for profit, and surveillance. This gathering of intel, in turn, can leave a digital footprint that can be weaponized at any given moment and misused, having long-term implications for privacy, security and trust in digital systems.

Essentially, then, you might gain some emotional value or catharsis by putting yourself “out there,” but for a lot of firms and social media apps, that translates into currency used to authorize a kind of spying where they can reduce the same experiences to marketable niches. This is a shadow contract, something that dissolves social context through a reliance on a hidden, computer-mediated process where free will imperceptibly disappears. And you’re deliberately made to believe the opposite of that.

The internet actively shapes this desire to be seen and in turn, this desire for legibility, specifically for women, morphs itself into a new, digital version of the medical gaze. As many feminist theorists of the medical gaze have argued, rendering the female body visible has historically been the precondition for regulating it as well. Within the four walls of the clinic, the body was isolated, examined, classified, and something that could essentially be “fixed.” Today, that same sense of passivity (forced on the receiver of that gaze) extends to the digital world as well. Here, as a woman specifically, you’re constantly “under observation,” and navigating a clinical space where you’re encouraged to label and pathologize yourself into coherence. The doctor’s invasive gaze is outsourced to the algorithm, which treats the female body and experience as a defamiliarized specimen, something to be probed and analyzed. Women, therefore, in the absence of accessible mental healthcare, are encouraged to self-diagnose and overshare themselves online into living more authentic, uninhibited lives. The only difference is that you are now convinced to participate in your own examination, making you both the patient and the pathologist.

The visual clutter of your day-to-day Instagram feed also disconnects you from the larger and serious implications of diagnosing yourself from the comfort of your bedroom. The mechanics of the feed introduces this idea that whatever is “wrong” with you, has a name or a label that you can ascribe to yourself. On an infinite scroll, for example, you’ll find someone’s byte-sized recipe for making pasta sitting comfortably alongside an infographic that declaratively says “5 Signs You Have High Functioning Anxiety.” Cognitively, you are encouraged to “pick” a complex psychological condition with the same frictionless logic with which you’d adopt a cooking hack, as if both of those things require the same amount of seriousness or attention. A reel will tell you that you’ve got “avoidant attachment,” and another reel will tell you that your inability to get out of bed and do anything is “executive dysfunction.”

As you move through similar reels, you generate data that turns normal moments of private confusion or pain into something extraordinary, and consequently, market research. This follows you across the internet, shaping what ads you see, what opportunities you're offered, or the kind of content you generally consume. You are now more susceptible to an impulse purchase or an ad that offers to alleviate that sense of insecurity or loneliness, with a particular focus on products like focus supplements, organizational planners, and online courses. Your emotions, in this scenario, are prime real-estate, and for companies, an inventory to be filled with curated consumption. You could be a person in pain, with limited avenues for expressing that pain, but to the algorithm, you are a consumer who is statistically more likely to buy.

In effect, you’re encouraged to shop for different identities, to look for terms that allow you to flatten complex psychological histories and the micro-logics of your day-to-day social interactions, into a neat category. These labels are essentially dead-end explanations that tell you why you are the way that you are, and they also externalize any responsibility for how you show up, in your own life and in other people’s lives.

Once you’ve claimed a label or an identity, you’re also offered a kind of vibes-based “coaching” on universal truths that are cherry-picked based on what the algorithm rewards. The “advice” that follows from it is invariably also based entirely on aesthetic and mood, rather than actionable evidence-based psychological tools. Unsurprisingly, this is because for a lot of these “truth tellers,” healing is simply a moodboard that sells. You can speak in therapy, but online, you will call yourself a “coach” to sidestep the ethics of professional practice, while lazily doling out analyses around complex, nuanced emotional experiences. Within this framework, your subjective experiences are data points rewarded for their simplicity while a single action (a friend not liking your story, a late text) is treated as evidence of a fixed character flaw (your friend is secretly jealous of you or if your partner “wanted to, he would”).

The algorithm encourages this for a number of reasons. For one, when you’re seeking out advice on relationships, for example, you’re signaling to the algorithm that you are a user in a state of relational instability. You’ve introduced your crisis, and now the system must respond to it by churning up a new opportunity for consumption. Secondly, a reel on attachment theory or infamously “5 ways to make him think about you,” functions very much like a digital casting call that recruits women into an endless search for “decoding” and assigning some sense of predictability to male behavior, especially in the context of romantic relationships. The male gaze never disappears, but instead, is mutated and absorbed into the digital infrastructure of the platform. Self-surveillance becomes a romantic strategy, and “hacking” the male gaze, a puzzle worth solving. On the surface, this appears as a neutral interface; one that conveniently always ends up with women locating the source of dysfunction in their own selves.

The algorithm learns, through the many ways in which we interact with it, which performances of femininity generate the most friction-less engagement. It prioritizes them, teaching women very implicitly that to be seen is to be ranked, and that to “qualify” for this ranking, you must view your life through a lens of marketable desirability. The proliferation of content by spiritual grifters and pseudo experts only makes this worse. This also takes the form of Ted-Talk sized reels that “teach” women how to be “high value,” “low maintenance” or the “phantom ex,” inciting them to believe that if they can discipline their emotions and curate their “mystique” correctly, they can “make” their ex regret them by turning themselves into a “spectacle” of detachment. Self surveillance, as a data-generating mechanism, is reframed as empowerment, and as a woman, you’re made to believe that managing the perception of a man who is no longer in your life, is a way to take “back” power. Ultimately, your vulnerability as a woman (your insecurity about relationships, your body, your worth) becomes a marketable demographic that ad-tech ecosystems bid on.

Systemic harm, in this manner, is individualized, and our pain is, at the end of the day, still uniquely ours to carry and “solve.” By encouraging us to shop ourselves out of personal crises, platforms effectively erase the possibility of engaging in any kind of collective refusal. Your pain, through this insistence on self-optimization and purchasing, turns systemic harm into private defects that can be corrected by looking inward. It is no longer a shared political condition, but a platform-driven catalogue of personal, and hence, marketable “failures.” The question, then, is in trying to locate or understand what accountability looks like when the very fabric of our social lives is built on extraction. What we've accepted as inevitable online is, at its core, a poverty of imagination. Against this logic, it is important to ask: what would feminist digital alternatives look like in the absence of digital monetization? And how would they bypass the idea that healing can be engineered, moving us instead towards spaces where it is carefully cultivated through love and care?

Rija Ahmad

In the northern region of Gilgit, on a rainy afternoon, 15- and 16-year old sisters Noor Sheza and Basra were caught briefly in a moment of joyous indiscretion- as children often are. For whenever the monsoon pattered over the better part of the country, the image of naked boys splashing into city canals brimming with murky rainwater was a regular fixture of the season’s greetings. While no less tender or earnest, the image of the two sisters found itself propelled out of the privacy of their own home and at the receiving end of harsh, unforgiving eyes on social media. The ‘indecency’ of the public affair cost them their lives.

Stories like these are surprising not because they confirm what we already know- society’s unrelenting epidemic of violence against women- rather, they serve as reminders of the reality many women still face under the puritanical scrutiny of conservative society, wherein the most quotidian of events are still bearing the heavy burden of measuring a woman’s shame and honor. Human rights defenders estimate that over a 1000 women are killed in honor-related killings each year, with offences varying from marrying of their own choice to being seen with a member of the opposite sex.

To understand why such benign actions can prove dangerous for women in South Asia, one must first understand the structure of honor-shame cultures and how it duplicates itself in online spaces. Academics like Abu-Lughod have written extensively on how concepts of collective family honor function as social infrastructure: they regulate belonging, marriage prospects, economic relationships, and physical safety. In these frameworks, a woman's conduct is never entirely her own; it is communal property, subject to surveillance and adjudication by family, neighbors, and community alike. Once these cultures map themselves onto the digital world, they apply what anthropologist Mirca Madianou describes as 'polymedia pressure,' wherein the communication platform intensifies these existing power asymmetries. In patriarchal societies, the consequence is a near-total collapse of the private sphere for women. Moments that were private can now be instantly extracted from its context and circulated as evidence of moral failure. One needs only to peruse local headlines to see this take place in real time; take for example, two girls who were killed for a leaked mobile video in Waziristan for being seen with a man, or in another instance, for clapping during a wedding dance.

It should go without saying, but the circulation of online material on digital platforms has tangible physical consequences to user’s well-being and safety. In the case of women in South Asia, these harms can be posed by material that need not be sexually or violently explicit, as we have witnessed, it need only violate the patriarchal codes of honour. This shifts our attention away from the spaces where this culture is created, but the digital spaces where it’s allowed to persist: digital platforms.

Social media platforms are responsible for governing vast amounts of data and online material from all over the globe, compromising various cultures, norms and languages. The main mechanism to regulate these online spaces is the content moderation policies of each platform, a set of terms consisting of a legal framework and community guidelines that act as guiding principles for the appropriateness of online content; governing what can or cannot remain online. These guidelines are then braced with the difficult task of being effective in identifying posed harms from content varied in language, context, and social norms- a task which they consistently perform through biased decision-making and structural inequalities.

Research and empirical evidence has come to shed light on how social media platforms’ guidelines for content moderation are based on euro-centric frameworks and are ill-equipped to make accurate judgements applicable to other contexts. Certain platforms, such as Meta, apply a ‘universal code’ of ethics onto every community that interacts with its platform. This lack of contextualisation undoubtedly underpins politics and biases into the careful task of creating safe online spaces. By enabling discrimination in how moderation is conducted, there are disproportionate outcomes for different user groups who are on the receiving end of opaque and unilateral moderation guidelines. A study conducted by researchers at Cornell University, based on in-depth interviews with Bangladeshi social media users, found that Facebook’s enforcement of community standards reflected a distinctly Western understanding of ethics which disregarded local social norms, and allowed for abusive or harmful content to slip through the cracks. Several users claimed they felt ‘harassed’ by Facebook’s inequitable policies, going so far as to say it was an exploitative consolidation of power in who gets to decide what is appropriate online conduct and what isn’t.

This claim is echoed by several academics and digital activists who criticise Western social media platforms as a contemporary exercise in colonial power. Platforms benefit and profit immensely from collecting and harvesting data on millions of users from the Global South, yet fail to mitigate online harms for those same communities, often without explanation or useful channels to contest their decisions. Moderation decisions are often opaque and arbitrary, with no meaningful channels for appeal, compounded by phenomena like shadow banning, where users experience sudden drops in engagement or content disappearing from searches with no explanation or recourse, ultimately creating a digital bubble where social media platforms control the reins. As reported by the Center of Democracy and Technology, social media platforms are responsible for further entrenching colonial power structures through an unequal division of labor; one which reserves the power and agency to decide what remains online in the hands of private Western enterprise, and relies on communities from the majority world to produce the content.

These structural inequalities and biases however, should not be assumed to be taken as consequences of a flawed design. Rather, evidence has proven that platforms are aware of the biases in their systems and have chosen not to dedicate more resources to improve them, despite the severity of the consequences. Leaked internal documents revealed by whistleblower Frances Haugen in 2021 revealed that the platform spent 87 percent of its misinformation budget on English-language content, despite only 9 percent of users posting in English at the time, and was aware it had not hired enough workers who had the language skills and knowledge needed to identify objectionable posts from users in developing countries. Companies have consistently underfunded annotation efforts for languages spoken in what internal employees themselves describe as 'less profitable regions'-  a phrase that makes the logic explicit. When platforms do attempt to extend moderation to non-English content, the content is often machine-translated into English before review, with moderators not informed of the original language, thereby stripping words of the very social and cultural meaning that would make the harm legible in the first place. Another report identified how tech platforms actively hindered attempts made by independent researchers to develop inclusive  automated content moderation systems for low-resource languages by refusing to share valuable data or by charging exorbitant fees to gain data access. The decision to continue to under-utilize resources for indigenous and non-English languages is a calculated and decisive one; one that exists to maintain a Western hegemony on digital moderation systems and AI training datasets, excluding the Global South, its communities needs and interests.

This has considerable consequences for vulnerable communities online, particularly women. Without considerable resources, inclusive moderated systems, and trained staff, harassment expressed through non-English languages, culturally specific threats, and nuanced slang often go undetected. This signals to perpetrators that the likelihood of consequences is low, reinforcing cycles of harassment and impunity.  A report by Aljazeera illustrated this phenomenon taking place by detailing how Facebook failed to act when a page hosted on its site was repeatedly being used to target young women and girls at a university in Peshawar through means of sharing nonconsensual photos and blackmailing them. The content was in Pashto, yet Facebook lacked anyone in their team with Pashto language skills. Activist Nighat Dad commented on Facebook’s inability to remove the page, “They simply didn’t understand the language or the cultural context in which this was happening”. Similarly, DG Amna Baig, lead of the Gender Protection Unit in Islamabad, cited different cases where leaked photos of women in ‘half-sleeves’ or in public spaces were not flagged as explicitly sexual or harmful by content moderators, “our contextual realities are not being captured by the community guidelines of these social media platforms,” she asserted. Meanwhile Facebook, Instagram, and Messenger have been identified by researchers groups in Bangladesh and India as a frequent vehicle for the distribution of morphed or non-consensual images, with their reporting mechanisms slow and often unresponsive to content submitted in Bengali, Urdu, or Hindi. Across all these platforms, the pattern is the same: harm passes invisibly through automated systems calibrated for another context entirely.

When viewed together, these failures culminate to form a system: a system in which the cultural context that makes harm legible is stripped away, in which the communities most targeted have the least recourse, and in which the platforms that profit most from their presence invest least in their protection. To continue treating these outcomes as technical shortcomings or resource constraints is to obscure what they actually represent: a denial of minorities and vulnerable communities' right to exist safely in digital spaces. Of these vulnerable communities, women in conservative and patriarchal societies are the most impacted by Big Tech’s failure to prioritise a culturally-sensitive and multi-lingual system to regulate content online.

The question, then, is not whether these platforms can do better-  the evidence makes clear they already know how- it is whether there exists sufficient political will, from both governments and civil society, to compel them to. Rather than relying solely on platform self-reporting or imported regulatory templates, governments can formalise advisory councils or review bodies that include women’s rights groups, journalists, linguists, and technology policy experts.  Platforms should be legally obligated to publish regular reports detailing content moderation response times, takedown rates, and appeal outcomes by language and country. Without such disaggregation, Global South users remain statistically invisible, and regulators lack the evidence needed to identify systemic under-enforcement or discriminatory prioritisation.

Until platforms reckon honestly with the Eurocentric architecture of their own guidelines, and invest meaningfully in the communities they have for too long treated as secondary users, the digital sphere will continue to function as an instrument that threatens the safety of women.

Saadia Mazhar

A 22-year-old woman, Muzammil Shahzadi, allegedly committed suicide in Kasur due to severe mental pressure and blackmail by a neighbour who recorded obscene videos on the pretext of marriage and used them to threaten her. According to the FIR, the woman was put under so much distress that she was forced to take her life, highlighting the psychological trauma, blackmail and harassment that can be inflicted on young women. Police have registered a case and launched raids to arrest the accused, and evidence is being collected from mobiles and other sources for legal action.While authorities registered a case and launched an investigation, the tragedy raises a deeper question: when online harassment escalates to life-threatening abuse, do victims trust state institutions enough to seek help before it is too late?

 

Technology-facilitated blackmail and online abuse disproportionately affect women in Pakistan, reflecting broader patterns of digital gender-based violence that extend far beyond the screens where they originate. According to a comprehensive report by the Digital Rights Foundation (DRF), women filed the majority of the 3,171 complaints of tech-facilitated gender-based violence in 2024, including coercive non-consensual intimate image (NCII) and image-based abuse cases that targeted women in 85 % of NCII complaints and 81 % of image-based abuse incidents. These abuses are often used deliberately to exert reputational harm and pressure victims into silence. Many survivors face significant logistical, financial and cultural barriers when seeking redress, which discourages reporting and reinforces social stigma around these violations. Studies show that a large proportion of women do not report online harassment because they fear family backlash, shame, or a lack of trust in institutions to handle their cases sensitively. Research also links online psychological and digital violence with debilitating emotional effects, such as anxiety, depression and suicidal thoughts, especially in conservative social contexts where personal reputation and family honour shape women’s participation in public and private life. Together, these findings indicate that the harms of digital abuse, from coercive blackmail to doxxing and trolling, can lead to profound psychological distress, social isolation, and barriers to women’s civic, professional and personal freedoms in Pakistan’s digital spaces.

 

That question becomes even more pressing in light of the recent restructuring of Pakistan’s cybercrime enforcement system. The National Cyber Crime Investigation Agency (NCCIA), carved out of the FIA’s Cyber Crime Wing and presented as a reform to improve efficiency and technical capacity, was meant to strengthen the state’s response to online abuse. Shortly after its formation, the agency faced internal credibility concerns after investigations into alleged officer misconduct, raising questions about transparency and internal accountability. More recently, over 100 contractual employees of the NCCIA reportedly saw their contracts expire without renewal, despite the agency already facing staff shortages and an increasing volume of complaints.

 

An official within the NCCIA, on condition of anonymity, acknowledged that limited human resources and technical capacity remain major challenges, affecting the agency’s ability to effectively process and investigate the growing number of cybercrime cases across the country.

 

Moreover, there is no comprehensive data protection framework in place to adequately safeguard survivors’ sensitive digital information during investigations, and there has been no consistent professional training or strict internal protocols within investigative authorities aimed at preventing data leaks. Shah Fahad, a lawyer, tells that in cases where sensitive information is mishandled or disclosed, the available remedies are limited and largely reactive, such as filing departmental complaints, initiating constitutional petitions for violation of fundamental rights, or seeking criminal action under relevant cybercrime provisions, while the absence of a dedicated data protection regime significantly weakens accountability and effective redress mechanisms. He also noted that current investigative practices can sometimes re-traumatise women complainants. In several cases, survivors are initially discouraged when they are told that their complaint may not fall within the legal definition of an offence, or are questioned in ways that appear to shift responsibility onto them — for example, being asked why private material was shared in the first place or whether they themselves circulated the content. Such questioning, he said, risks diverting attention away from the accused and onto the victim. According to him, procedural and structural gaps within the cybercrime response system further complicate access to justice. Investigative limitations, heavy caseloads and repeated procedural delays can prolong cases for years, creating additional social and financial pressures that discourage many complainants from pursuing their cases to completion.

Yasal Munir, Senior Manager Programs at the Media Matters for Democracy, says the reporting process itself can be deeply discouraging for many women facing online abuse. “Cybercrime has serious consequences for women’s mental well-being, yet the dominant social response often dismisses their experiences,” she explains, noting that victims are frequently told to simply ignore online harassment or leave digital platforms altogether. Such attitudes, she argues, effectively push women out of online spaces rather than addressing the abuse.

Munir also highlights structural flaws in the reporting process. “Survivors are often asked to collect and submit evidence of abuse themselves. In cases involving non-consensual intimate imagery or targeted harassment, this means repeatedly reviewing and organising the very material that caused them trauma,” she says. According to her, the evidentiary process lacks trauma-informed protocols and places a heavy emotional burden on survivors who are already dealing with the psychological impact of online abuse.

 

In the past, there have been cases in which court files of survivors (including their personal details, containing their graphic images) have gone missing. Even if a complainant files an FIR, then their phone number is written on it and if shared online, it compromises their safety. There is a threat of doxxing, hacking of their social media accounts, and other privacy concerns which arise when women go to report crimes against them. The process itself discourages women from going forward with their complaint.

 

While investigating agencies can access communication records and preserve digital evidence, the law does not offer any insight into what happens to the data once it has been collected. There are mandatory timelines for data deletion, no enforceable access controls for sensitive data, a prohibition on the use of data collected in one investigation for unrelated purposes, and even an independent oversight mechanism to audit data use within NCCIA. The absence of this framework means that the data profile created in the course of a cybercrime complaint is structurally unprotected, she further added.

 

A journalist from Peshawar, Mahreen Khalid spoke to me about an incident where she was let down by the NCCIA’s response to her case of online harassment. She shared a video, expressing her view that Valentine’s Day should be celebrated with parents and siblings as a way of promoting family values, which unexpectedly went viral, reaching millions of views. However, soon after, a male social media user reposted the video and launched a personal attack against her, questioning her family background and attempting to malign her character. Speaking to me, she said that the incident amounted to clear character assassination and online harassment. “Following the incident, I approached the NCCIA office in Peshawar, accompanied by my father, to formally lodge a complaint. What shocked me most was the response from the authorities.” According to her, the female officer registering the complaint stated that the department does not have the technical capacity to trace IP addresses in such cases and that complaints of this nature are often dismissed at the initial stage. “This kind of response is deeply concerning,” Mahreen added. “Such attacks severely damage a woman’s reputation and mental well-being, yet our institutions appear least sensitive to the seriousness and impact of these issues.”

 

Senior journalist Riaz ul Haq, who covers the National Cyber Crime Investigation Agency, said the shift from the Federal Investigation Agency (FIA) to the new body has brought little real change. He described the institution as “a new authority with old duties,” adding that contractual staffing, chaos, and external influence have weakened its functioning. According to him, the online complaint system is disorganised and often unresponsive, forcing victims to visit offices repeatedly to resolve basic issues. He also raised privacy concerns, saying authorities rarely explain how collected data is used and that phones are sometimes taken under pressure during investigations. Haq further noted that with limited investigators and no dedicated mechanisms for sensitive cases, many women may not feel secure or supported when approaching the agency.

 

Reports over the past year indicate a growing pattern in which journalists and human rights activists have received notices and summonses from NCCIA over their online reporting and commentary. Press freedom organisations warn that investigations requiring journalists to hand over their phones or provide access to digital accounts can raise serious privacy and source-protection concerns. The Committee to Protect Journalists (CPJ) and UNESCO have repeatedly highlighted that journalists’ digital devices often contain sensitive information, including confidential communications with sources, unpublished reporting material, and personal data. UNESCO’s global research on the safety of journalists notes that compelled access to reporters’ phones, computers, or messaging accounts during investigations can expose source identities and undermine the confidentiality that investigative journalism relies upon. Similarly, CPJ guidelines on digital safety warn that device seizures or forced access to communications may compromise not only a journalist’s personal privacy but also the security of whistleblowers and vulnerable sources who share information in confidence. For journalists covering governance, corruption, or human rights issues, such access can therefore create significant concerns about the protection of sensitive information stored on their devices.

 

Journalist Nadir Baloch, who has himself received notices from the cybercrime agency over his reporting, says the complaint process itself often discourages victims.“The online complaints mechanism is messy and often non-responsive. Victims are mostly seen roaming around the NCCIA offices and manually meeting the requirements to address basic issues in their complaints,” he said, describing what he believes are structural inefficiencies in the reporting process. Concerns about privacy also arise during investigations, particularly when journalists or activists are asked to hand over their digital devices. Baloch described his own experience with the agency after being summoned over a social media post.“They hardly tell you about the use of data, except that it is just for investigation purposes. Phones are collected often under duress… I was invited to the office and my phone was collected by force, on the threat of dire consequences,” he said.

Yasal Munir endorsed Nadir's point: “We know that the phone numbers of survivors are available in public records. I remember when we were reporting on Samiya Hijab’s attempted kidnapping case, we used the phone number mentioned in the FIR to contact her for a quote. But…many others would have access to her phone number because that FIR was circulated in so many groups. Then, there are issues of the security of other pictures on their devices when a device goes for a forensic. We know all data is accessed, even the deleted images.”

 

Official data obtained through a Right to Information (RTI) request further illustrates the structural gap between public complaints and judicial outcomes. According to the official response, 94,552 complaints were received nationwide during the nine-month period under review. However, only 21,260 of these complaints were converted into formal enquiries — meaning just 22.49 per cent progressed beyond the initial screening stage, while nearly 77.5 per cent did not proceed further. The data indicates that the majority of complainants never see their cases formally examined beyond preliminary review.

 

The filtering becomes even more pronounced at the stage of criminal registration. Out of the enquiries initiated, only 1,440 FIRs were registered across the country. This represents just 1.52 per cent of total complaints received and 6.77 per cent of enquiries conducted. In practical terms, fewer than two out of every hundred complainants saw their cases converted into a formally registered criminal case.

 

Further down the prosecution chain, 651 challans were submitted before courts. While this accounts for 45.2 per cent of the FIRs registered, it represents only 0.69 per cent of total complaints received. The most striking figure emerges at the final stage of conviction. Only 20 convictions were secured nationwide during the period under review — translating to 0.021 per cent of total complaints, 1.39 per cent of FIRs registered, and 3.07 per cent of challans submitted in courts.

 

The steep decline at every procedural stage, from complaint to enquiry, enquiry to FIR, FIR to challan, and finally conviction, highlights systemic challenges in converting citizen complaints into successful prosecutions. For survivors of digital blackmail and harassment, particularly women who already face social stigma and reputational risk, such attrition can deepen mistrust in institutional remedies and discourage reporting altogether.

 

 

Advocate Shah Fahad stated that in his professional experience, he has not observed any meaningful or structural changes in the handling of harassment complaints involving women after the transition from the FIA to the NCCIA, with no significant improvement in procedures, victim handling, or investigative standards that would reflect substantive institutional reform. He explained that while personal devices are often required for forensic examination to preserve and analyze digital evidence, serious concerns arise regarding the handling and return of such devices. In many cases, once a complainant submits their device to the NCCIA (formerly FIA), it is not returned in a timely manner, and the complainant must approach the court and obtain formal orders for its release. This practice discourages victims from filing complaints, as they fear losing access to essential personal devices for an indefinite period. He emphasised that although forensic requirements are legally justified, there must be clear protocols ensuring prompt return of devices and safeguarding the complainant’s privacy and dignity.

Lawyer Shah Fahad further states that while forensic evidence and device analysis are often necessary for cybercrime investigations, clearer safeguards are needed to ensure that complainants’ privacy is protected. “Victims come forward expecting protection. But if the process itself makes them feel vulnerable, whether through loss of control over their devices or exposure of personal information, it discourages others from reporting similar crimes.”

The long and uncertain legal process, combined with concerns about privacy and institutional handling of sensitive evidence, continues to shape how survivors weigh the decision to report cyber harassment.

For many women, the choice is not simply about whether abuse occurred online, but about what might happen to their personal data once they seek help. Women are already dealing with the fear of social stigma and reputational damage. When they report a case, they are often required to hand over their phones, screenshots, personal messages, and sometimes their entire digital history. The question many survivors ask is: once this information enters the system, who is responsible for protecting it?. Until clearer safeguards exist around how digital evidence is collected, stored and accessed during investigations, many survivors will continue to hesitate before approaching authorities, even when the abuse they face online becomes unbearable.

 

وجیہہ اسلم

معاشرے میں پیسوں کا فراڈ ہونا کوئی نئی بات نہیں۔ ہر دور میں فراڈ ہوتے رہے ہیں۔ آج کے جدید دور میں یہ فراڈ بھی جدید ٹیکنالوجی کی طرح جدید طریقوں سے ہو رہے ہیں۔ پیسوں کے لین دین میں فراڈ، بینکوں میں چوری، دکانداروں کا خریداروں سے دھوکہ یہ وارداتیں نہ ماضی میں روکی گئیں، نہ اب رک رہی ہیں اور نہ مستقبل میں روکی جائیں گی مگر اگر کچھ اختیاط کر لی جائے تو اس میں کمی ضرور ہو سکتی ہے۔آن لائن فراڈ  کیا یہ صرف شور ہےیا سچ میں معاشرے کا سب سے برا کرائم بن گیا ہے۔

آن لائن فراڈ کا شور زیادہ اس لیے ہے کہ پہلے پیسوں کے فراڈ جیسے واقعات کا تناسب 40 فیصد تھا، مگر اب یہ دوگنا ہو گیا ہے۔ اس کی ایک بڑی وجہ موبائل فون اور سستا انٹرنیٹ سسٹم  ہے ۔جس کی وجہ سے ہر عمر کے لوگ موبائل فون کے استعمال بے  ضرر سمجھتے ہیں اور یہی بے ضری آن لائن فراڈ کی سب سے بڑی وجہ بن چکی ہے۔

پاکستان میں مارجنلائزڈ طبقات میں وہ لوگ بھی شامل ہو گئے ہیں جو اپنی زندگی خطِ غربت کے نیچے گزار رہے ہیں۔ یہ لوگ اپنی زندگیوں کو بہتر بنانے اور مالی طور پر مستحکم ہونے کے لیے کسی بھی حد تک جانے سے نہیں گھبراتے۔ پاکستان میں آن لائن لون ایپس نے اس طبقے کو بہت نقصان پہنچایا ہے۔جہانگیر خان کرائم رپوٹر کہتے ہیں کہ میں نے  آن لائن لون اپیس پر بہت کام کیا ہے میری تحقیق کے مطابق ہوتا کچھ اس طرح ہے کہ  آن لائن لون ایپس پر لوگ بہت سے مسائل کا شکار ہو رہے ہیں۔ ان ایپس کے ذریعے قرضہ لینے والوں کو ابتدائی طور پر صرف 10 ہزار روپے واپس کرنے ہوتے ہیں، لیکن قرضہ واپس کرنے کے بعد بھی وہ لوگوں کو بلیک میل کرنا شروع کر دیتے ہیں۔ وہ دھمکی دیتے ہیں کہ اگر آپ کل تک اصل رقم واپس نہیں کرتے تو آپ کا قرضہ دگنا ہو جائے گا۔ اگر قرضہ واپس نہ کیا جائے تو وہ فوراً متاثرہ شخص کے تمام رابطہ نمبرز پر فون کالز اور میسجز شروع کر دیتے ہیں۔ یہ دباؤ اور تناؤ اتنا شدید ہوتا ہے کہ کئی لوگوں نے خودکشی تک کر لی ہے۔یہ آن لائن فراڈ کی وہ قسم ہے جو پس پردہ اتنی خطرناک ہے کہ انسان اپنی جان کی بازی ہار دیتا ہے۔ پاکستان میں آن لائن فراڈ کی سب سے بڑی وجہ ذاتی ڈیٹا کی چوری ہے۔ یہ چوری بڑی کمپنیوں میں کام کرنے والے ورکرز چند پیسوں میں یا تو فروخت کر دیتےہیں یا پھر وہ خود ان گروہوں کا حصہ ہوتے ہیں جو آن لائن فراڈ کے لیے سرگرم ہیں۔

پشاور کے رہائشی فواد شہزاد کہتے ہیں کہ ایک دن مجھے فون کال آئی کہ  مجھے کہا کہ میں TCS کمپنی سےبات کر رہا ہوں  میں نے کہا جی آگے سے جواب آیا کہ  آپ کا  پارسل آ گیا ہے۔ یہ آپ کو کہاں بھیجنا ہے؟میں نے کہا، میرے ایڈریس پر کر دیں۔اس نے مجھے کہا  آپ کے گھر کی لوکیشن نہیں ہے اور شئیر کر دیں میں وہاں پہنچ جاتا ہوں ۔میں نے کہ

لوکیشن نہیں دے سکتا۔تو اس TCSوالے لڑکے نے کہاکوئی بات نہیں میں آپ کو واٹس ایپ پر ایک کوڈ بھیجتا ہوں۔ آپ مجھے بتا دیں تاکہ میں انٹری کر سکوں اور آپ کو آسانی سے پارسل مل جائے۔

مجھے یہ زیادہ آسان لگا میں نے بیوقوفی میں وہ کوڈ شیئر کر دیا۔نتیجہ یہ ہوا کہ اس نے میرا  واٹس ایپ ہیک کر لیا اور اس بندے نے  لوگوں کو میسجزکے ذریعے کسی سے 20ہزار اور کسی سے 10 ہزار مانگ لئے۔دو دن بعد جب میرے دوستوں نے فون کرکے پوچھا کہ سب خیریت ہے پیسے کیوں چاہیے تھے اتنے تو میں حیران رہ گیا۔ایف آئی اے کی مدد سے دو دن لگے مجھے وٹس ایپ ریکور کروانے میں ۔

کیا آن لائن فراڈ کرنے والے افراد ایکسپرٹ ہوتے ہیں؟

 یہ وہ سوال ہے جس کا جواب جاننے کے لئے ہر کوئی یا تو کسی آئی ٹی ایکسپرٹ سے پوچھتا ہے یا پھرکسی ویب سائٹ پر آرٹیکل کو پڑھ کر کوئی نتیجہ نکالنا کی کوشش کرتا ہے۔سائبر کرائم ایکسپرٹ کوکب زبیری کہتے ہیں کہ ’ضروری نہیں  ’ہیکنگ اور آن لائن فراڈ کے لئے آئی ٹی ایکسپرٹ ہونے کی ضرورت نہیں اور اس کےلئے کسی آئی ٹی ایکسپرٹ کی معاونت بھی ضروری نہیں آن لائن فری ایسےٹولز آ گئے ہیں  جن کو   کسی بھی ویب سائٹ سے آسانی سے  ڈاؤن کیا جا سکتا  ہیں۔اس کام کے لئے بس انفارمیشن کی ضرورت ہوتی ہے باقی کام سوفٹ وئرز سے ہو جاتے ہیں‘۔

گزشتہ 10سال سے کرائم رپورٹنگ کرنے والے صحافی جہانگیر علی کہتے ہیں کہ’ آن لائن فراڈ کا ٹرینڈ پچھلے 7 سے 10 سالوں میں بہت بڑھا ہے۔ اس سے پہلے بھی فراڈ ہوتے تھے بات چیت کرکے جھوٹ بول کر لوگوں کو دھوکہ دیتے تھے ۔ آن لائن فراڈ میں اضافہ کی وجہ یہ ہے کہ لوگوں میں زیادہ پیسہ کمانے کی خواہش ہے۔ جس کی وجہ سے وہ  شارٹ کٹ کے ذریعے پیسہ کمانے کو زیادہ ترجیح دیتے ہیں اور آن لائن لوگوں کو بیوقوف بنانا انہیں آسان لگتا ہے۔ضروری نہیں کہ صرف بڑے سائبر ایکسپرٹ یہ کر رہے ہوں۔ اب ان پڑھ لوگ بھی کر رہے ہیں۔ کوئی سائبر ایکسپرٹ یا کمپیوٹر والا بندہ ایک سیٹ اپ بناتا ہے اور اس میں 10-12 لوگوں کو نوکری پر رکھ لیتا ہے۔ ان کو ٹریننگ دیتا ہے کہ فون کال کرکے عام لوگوں سے کہو کہ میں فلاں کمپنی سے بول رہا ہوں۔ آپ کے پاس کوڈ آ گیا ہوگاوہ بتا دیں یا پھرآپ کا اکاؤنٹ کنفرم ہو گیا ہے کوڈ بتائیں۔اور ایک یہ پورا نیٹ ورک اس طرح چلنے لگتا ہے۔ اگر پنجاب کی بات کریں تو سائبر فشنگ میں نمبر ون پر ضلع میاں چنوں اور دوسرے نمبر پرضلع ننکانہ صاحب اور پھر جنوبی پنجاب کے شہر آتے ہیں ۔

خواتین کیوں زیادہ آن لائن فراڈ کے جھانسے میں آتی ہیں؟ اب تک کی تحقیق کیا کہتی ہے؟

خواتین ہی کیوں آسانی سے آن لائن فراڈ کا شکار ہوتیں ہیں؟ کوکب زبیری کہتے ہیں کہ  یہ سوال  تو بہت اچھا ہے مگر یہ بات آج سے کچھ سال قبل کہہ سکتے تھے مگر اب خواتین بھی اس معاملے میں محتاط ہوچکی ہیں۔اگر ہم یہ کہیں کہ فراڈ کرنے والا گروہ خواتین کی مصرفیت کو مد نظر رکھنے ہوئے انہیں کال کرتے ہیں تو اس میں کوئی دو رائے نہیں ہوگی۔خواتین کو ہیکرز  خواتین کو کال دن کے وقت تب کرتے ہیں جو ان کا گھر میں کچن میں یا پھر گھر کے کاموں میں مصروف ہوتا ہے اور نوکری کرنے والی خواتین کی بات کریں تو وہ بھی انہیں اوقات میں آتیں ہیں کیونکہ خواتین کی نفسیات میں اپنے کام کو لے کر زیادہ سنجیدہ ہونے والے پہلو بھی آتا ہے۔مثال کے طور پر کوئی بینک والا فون کرتا ہے کہ میں بینک سے بول رہا ہوں۔ نمبر بھی بینک کا ہی لکھا ہوا آ رہا ہے۔ وہ کہتا ہےآپ مجھے اپنا مکمل نام  اور پاس ورڈ دیں تاکہ میں کنفرم کر سکوں یا ہم نے آپ کو OTP بھیجا ہے آپ پھر  اسے کنفرم کریں۔یہ بات اتنی قائل کرنے والی ہوتی ہے کہ وہ دوسرے کام کرتے ہوئے اس پر فوکس نہیں کر پاتی۔ تو وہ OTP دے دیتی ہے۔ نتیجہ یہ ہوتا ہے کہ اس کا واٹس ایپ ہیک ہو جاتا ہے۔

جہانگیر خان کہتے ہیں کہ ویسے تو مالی فراڈ کا تناسب مرد و اور  خواتین میں تقریباً برابر ہےلیکن چونکہ خواتین کے ساتھ ہراسمنٹ کیسز زیادہ رپورٹ ہوتے ہیں۔ اس لیے یہ تاثر بن گیا ہے کہ وہ زیادہ شکار ہوتی ہیں۔ کسی حد تک یہ بات درست بھی ہے۔خواتین شاید اس لئے بھی زیادہ ٹارگٹ ہوتیں ہیں کہ وہ آن لائن شاپنگ زیادہ کرتی ہیں۔جہانگیر سوال یہ ہے کہ ڈیٹا کیسے لیک ہوتا ہے؟ کیا کمپنیوں اور آؤٹ لیٹس سے نمبر لیک ہوتے ہیں۔جہانگیر کہتے ہیں کہ ہم نے رپورٹ ہوتے دیکھا ہےکہ بعض کیسز میں کمپنی میں کام کرنے والےملازم اندر سے ہیکرز کو ڈیٹا بیچتے ہیں۔  اور اس  طرح ڈیٹا لیک آؤٹ  ہو کردوسری کمپنیوں/گروپس کو ڈیٹا جاتا ہے۔جہانگیر کا کہنا ہے کہ پچھلے 5 سالوں میں 1.8 ملین خواتین سائبر کرائمز کا شکار ہوئیں۔FIA کو 6لاکھ شکایا ت وصول ہوئیں جس میں سے صرف 3.5فیصد کو سزائیں ملیں۔

کیا پرسنل ڈیٹا چوری ہی آن لائن فراڈ کا سبب بنتی ہے؟

کوکب زبیری نہیں دیکھیں جیسے آپ خود سوچیں بینک والوں کے کسی بھی ٹیلی فون، کمپیوٹریا بینک والوں سے ملے بغیرآپ کے پرسنل ڈیٹیلز کس کے پاس جا سکتے ہیں؟اب جیسے میں آپ کو فون کر رہا ہوں اورمیں آپ سے پوچھا کہ یہ نمبر آپ کا ہے  تو  آپ کا CNIC  نمبر آپ کا ہے؟ آپ کہیں گی ہاں تو اپنا نمبر تو میرے ساتھ آپ نے شئیر کر دیا۔ اور میں آپ کو اتنی قائل کرنے والی معلومات دیتا ہوں کہ آپ میری بات پر یقین کر لیتے ہیں۔تو ہم کیا کریں؟ اصولی  طور پر کسی کو بھی فون کر کے OTP نہ بتائیں۔اگر کوئی آپ کے جاننے والے کی طرف سے پیسے کی درخواست بھیجے تو پہلے خود کال کر کے کنفرم کریں۔اگر کوئی بینک کہے مجھے آپ پاس ورڈ دیں تو یاد رکھیں بینک کبھی فون پر پاس ورڈ نہیں مانگتا۔بینک والے کبھی فون کر کے شناختی کارڈ نمبر نہیں مانگتے۔ اگر آپ فون کریں گے تو وہ کہیں گے آپ کا شناختی کارڈ نمبر بتائیں یاآخری نام بتائیں  خود فون کر کے نہیں پوچھیں گے۔اسی لیے میں ہمیشہ کہتا ہوں کہ ایک آگاہی مہم چلانی چاہیے۔ یہ حکومت کی ذمہ داری ہے کیونکہ عوام کا نقصان ہو رہا ہے۔ حکومت کو نہ صرف آگاہی مہم چلانی چاہیے بلکہ پرائیویٹ سیکٹر کو بھی شامل کرنا چاہیے۔جہانگیر خان کا کہنا ہے کہ ذاتی ڈیٹا کا سب سے بڑا حصہ آپ کا ٹیلی فون نمبر ہوتا ہے جو آپ بڑی آسانی سے اجنبیوں میں بانٹ دیتے ہیں۔ مثال کے طور پر کپڑوں، جوتوں اور جیولری کے بڑے فرنچائز سٹورز سے جب آپ سامان خریدتے ہیں تو وہ آپ سے ٹیلی فون نمبر لے لیتے ہیں کہ جب بھی سیل لگے تو آپ کو میسج کے ذریعے اطلاع دے دیں۔ اس وقت آپ نام اور فون نمبر دونوں دے دیتے ہیں۔جب کسی بھی سسٹم میں آپ کا فون نمبر اور نام سیو ہو جاتا ہے تو وہاں کام کرنے والے عملے کے ہاتھ آسانی سے لگ جاتا ہے۔ آپ کا ایک ہی ذاتی ڈیٹایعنی فون نمبر جو آپ کو یاد ہوتا ہےوہ خود پبلک میں دے دیتے ہیں۔ 90 فیصد آن لائن فراڈ فون نمبرز پر کالز یا واٹس ایپ میسجز کی صورت میں آتے ہیں۔کے پی سے تعلق رکھنے والے صحافی کامران علی کا کہنا ہے کہ ہمارے کچھ دوستوں کو بھی آن لائن فراڈ کا سامنا کرنا پڑا۔ میرے دوست جنید کا فیس بک اکاؤنٹ ہیک ہو گیا۔ہمارے میوچل دوستوں میں سے ایک کو میسج چلا گیا۔ ہیکر نے جنید کے پرانے میسجز دیکھ کر سوشل انجینئرنگ کی اور ایسا لکھا جیسے جنید خود لکھ رہا ہویار جنید میں ادھر پھنس گیا ہوں۔ میرا موبائل بھی کام نہیں کر رہا۔مجھے 10 ہزار روپے ٹرانسفر کر دے۔دوست فوراً یقین کر بیٹھا اور 10 ہزار جنید نے اکاؤنٹ میں ٹرانسفر کر دیے۔ جنید نے مجھے کال کر کے بتایا کہ میں نے ہمارے  دوسرے میوچل  دوست  حکیم کو بھی اسی نمبر پر 30 ہزار بھیج دیے، لیکن اس نے  شکریہ  تک نہ بولا۔ میں نے  سوچامصروف  ہونے کی وجہ سے بھول گیا ہوگا۔پھر تیسرا دوست فون کر کے بولاجنید، تم نے مجھ سے 30 ہزار لئے ہیں ۔جنید نے چیک کیا تو فیس بک ہیک ہو چکا تھا۔ ہیکر لوگوں کو پیسے مانگنے والے میسجز بھیجے جا رہے تھے۔ کئی دوستوں سے پیسے لے لیے گئے۔ جنید نے FIA کو درخواست دی اور دو دن بعد اکاؤنٹ ریکور ہو گیا۔کامران کا کہنا ہے کہ بطور صحافی میں ایسی بہت سے رپورٹس سنتا بھی ہوں اور لوگوں کی شکایات جو ایف آئی میں ہوتی ہیں انہیں کسی نہ کسی شکل میں سوشل میڈیا  پر آگاہی کے طور پر منظر عام پر بھی لاتا ہوں۔  آن لائن فراڈ کرنے والے جینڈر نہیں دیکھتے  انکے ٹارگٹ ہوتے ہیں۔

چند ماہ قبل پنجاب پولیس نے ایک کیس آ ن لائن فراڈ کا کیس  حل کیا اور ملزمان کو بھی پکڑاڈی آئی جی آپریشنز فیصل کامران نے کہا اگر اس طرح کی کوئی کال آئے جس میں  آپکو پوری تفصیل دی جائے کہ یہ آپ کا سامان ہے۔ اس میں سے 10 ہزار روپے پہلے JazzCash میں ٹرانسفر کر دیں تو ہم فوراً بھیج رہے ہیں تو ہرگز نہ کریں۔ ایک خاتون کے ساتھ ایسا ہوا کہ انہوں نے 10 ہزار بھیج دیے مگر اس خاتون کو پارسل وصول نہیں ہوا۔ انکے مطابق یہ بہت بڑا منظم گروپ تھا جو ایک دن میں ایک SIM سے 8-9 لوگوں کو دھوکہ دیتا اور SIMs خراب کر کے پھینک دیتا تھا۔ لاہور پولیس نے پورے گروپ کو پکڑ لیا – ان کے پاس سینکڑوں موبائل فون، لاکھوں روپے نقدی، جعلی SIM/کیش ڈیوائسز برآمد ہوئیں اور 8-10 افراد گرفتار ہوئے۔

پاکستان سائبر کرائم اعداد و شمار (2024-2026)

سال / ادارہ	شکایات	انکوائریاں	مقدمات	گرفتاریاں	ریکوری	نوٹس
2024 FIA سائبر ونگ	73,131	29,105	1,604	۔	۔	تمام سائبر کرائم (فراڈ سمیت)
2024 بینکنگ محتسب	27,753 نمٹائی گئیں	۔	۔	۔	1.65 بلین روپے	فراڈ + اکاؤنٹ بلاک شکایات
2025 NCCIA	150,542	10,756	851	۔	۔	قومی اسمبلی رپورٹ ​
2025 NCCIA مالی فراڈ	81,996	۔	۔	2,900+	461 ملین روپے	واپس کروائی گئی رقم ​
2025 NCCIA کارروائی	۔	۔	2,200+	2,900+	461 ملین  روپے	مالی دھوکہ دہی کیسز
2026 NCCIA (فروری)	140,000 بیک لاگ	۔	۔	۔	۔	زیر التواء شکایات

 

 

 

 

 

 

 

 

 

 

 

 

2024 FIA سائبر کرائم ونگ نے73,131 شکایات، 29,105 انکوائریاں، 1,604 مقدمات درج کیے گئے تھے۔ 2024 بینکنگ محتسب نے صارفین کی27, 753 شکایات نمٹائی ، 1.65 بلین روپے کی ریلیف دی گئی رقم وصول کی گئی / محتسب کے عمل کے ذریعے ریلیف کے طور پر دی گئی ۔ان کے پورے عمل میں کل فراڈ نقصان کے ساتھ ساتھ بینک فراڈاور  اکاؤنٹ بلاک ہونے کی شکایات بھی  شامل تھیں۔

2025 NCCIA قومی اسمبلی کو رپورٹ کے مطابق سائبر کرائم نے کل 150,542 شکایات، 81,996 مالیاتی فراڈ کی شکایات، 10,756 پوچھ گچھ اور 851 کیسز رجسٹرڈ بیسٹ آفیشل اسپلٹ اس میں مالی فراڈ بھی شامل ہے۔2025 این سی سی آئی اے نے 2,200 مقدمات، 2,900 گرفتاریاں اور 461 ملین روپے کی ریکوری کیں۔فروری 2026 کی رپورٹنگ کے مطابق NCCIAنے 140,000 شکایات کو نمٹانے کا عندیہ دیا ہے۔

آن لائن فراڈ کا یہ جال اب پاکستان کے ہر طبقے کو گھیر رہا ہے۔جہاں 2025 میں سائبر کرائم کی شکایات 142,272 تک پہنچ گئیں اور FIA کو 722,010 سے زائد شکایات موصول ہوئیں، مگر سزاؤں کا تناسب محض 3 فیصد رہا ۔ پاکستان میں سب سے زیادہ شکار ہونے والی مارجنلائزڈکمیونٹی اور خواتین جن کی تعداد 1.8 ملین تک پہنچ چکی ہےوہ آن لائن فراڈ میں  سب سے زیادہ شکار ہو رہے ہیں ۔حکومت FIA اور پولیس کو نہ صرف سخت قوانین نافذ کرنے ہوں گے بلکہ قومی آگاہی مہم چلانی ہوگی مثال کے طور پرسکولوں،کالجز، میڈیا اور سوشل پلیٹ فارمز پرتاکہ لوگ OTP شیئر نہ کریں، مشکوک کالز پر یقین نہ کریں اور ذاتی ڈیٹا (فون نمبر اور آئی ڈی کارڈ)کسی سے شئیر نہ کریں۔اگر ہم سب مل کر محتاط ہو جائیں تو یہ ڈیجیٹل دہشتگردی روکی جا سکتی ہے۔ ایک چھوٹی احتیاط لاکھوں روپے اور جانیں بچا سکتی ہے۔

آمینہ سالارزئی

عظمیٰ اکرام ڈیجیٹل کانٹینٹ کریئٹر جس کا حالیہ دنوں میں واٹس ایپ ہیک ہوا ہے نے ڈی آر ایف سے گفتگو کرتے ہوۓ بتایا کہ ہیکر نے مجھ سے کوڈ مانگا تھا ٹی سی ایس کا حوالا دے کر کہ آپ کا پارسل ڈن کرنا ہے کوڈ سے کوڈ میچ کرکے، اور کوڈ والا میسج انگریزی میں نہیں کسی اور زبان  میں تھا۔ بعد اذاں میں نے اپنا واٹس ایپ ریکور کرلیا، اور اب میں نے واٹس ایپ پر ٹو سٹیپ ویریفیکیشن آن کر رکھا ہے۔

عظمیٰ اکرام نے  اپنے فیس بک پیج پر بھی لوگوں کو اس فراڈ سے آگاہ کیا۔ " کہ میرا واٹس ایپ اکاونٹ ہیک ہوگیا ہے۔ میری طرف سے اگر کسی کو  پیسوں یا مدد کا میسج آیا ہو تو وہ فراڈ ہے۔ براہِ کرم کسی قسم کی رقم نہ بھیجیں۔ مسئلہ حل کیا جارہا ہے۔"عظمیٰ اکرام کا کہنا تھا کہ میرے ساتھ ایک بہت ہی پریشان کن واقعہ پیش آیا جس نے مجھے ہلا کر رکھ دیا۔ مجھے ایک کال آئی کہ آپکا پارسل آیا ہے بس ایک کوڈ بتادیں تاکہ ڈیلیوری ہوسکے۔ چونکہ میں پارسل منگواتی رہتی ہوں، میں نے بغیر سوچے کوڈ بتا دیا اور دیکھتے ہی دیکھتے میرا واٹس ایپ ہیک ہوگیا۔ ہیکر نے فوراً میرے جاننے والے لوگوں سے پیسے مانگنا شروع کردیے کسی کو کہا میں بازار میں ہوں پیسے کم پڑگۓ ہیں، کسی کو سلام دعا کرکے باتوں میں لگایا۔"

 عظمیٰ اکرام نے مزید بتایا "اللہ پاک کا کروڑوں شکر ہے کہ میری عزت اور پہچان نے مجھے بچالیا لوگوں کو یقین ہی نہیں آیا کہ میں ایسے پیسے مانگ سکتی ہوں۔ میرے دوستوں نے عقلمندی دکھائی اور وائس میسج یا کال کا مطالبہ کیا جس پر ہیکر بھاگ نکلا۔ میری آپ سب سے گزارش ہے کھبی کسی نام نہاد ٹی سی ایس یا کوریئر والے کو کوئی کوڈ نہ بتائیں صرف آواز کی پہچان اور مکمل تسلی ہونے پر ہی پیسے بھیجیں، ورنہ ہر گزنہ بھیجیں۔ آج کل خاص طور پر بزنس کرنے والے لوگوں کے واٹس ایپ اسی طرح ہیک کیۓ جارہے ہیں-"

میرے واٹس ایپ لسٹ میں شامل شازیہ (فرضی نام) بتاتی ہیں کہ بیرونی ملک میں مقیم ایک رشتہ دار خاتون کے نمبر سے مجھے واٹس ایپ پر ایک پیغام موصول ہوا، جس میں لکھا تھا کہ مجھ سے غلطی سے اپنا پاسورڈ آپ کے نمبر پر سینڈ ہوا ہے براۓ مہربانی مجھے دوبارہ بھیج دے۔ شازیہ نے بتایا میں نے بنا سوچے سمجھے وہ پاسورڈ اپنی رشتہ دار کے نمبر پر سینڈ کردیا کیونکہ مجھے اس پر یقین تھا کہ یہ تو میری رشتہ دار ہے لہذا ہیکنگ وغیرہ کیسے، لیکن وہ مخصوص کوڈ سینڈ کرتے ہی میرا پورا واٹس ایپ ہیک ہوا اور اس کا پورا  ڈیٹا ہیکر کے پاس چلا گیا۔ بعد میں مجھے پتا چلا کے جو رشتہ دار مجھ سے کوڈ مانگ رہی تھی دراصل اس کا نمبر ہیک ہوچکا تھا اور ہیکر کانٹیکٹس لسٹ کو مزید اسی طریقے سے ہیکنگ کا نشانہ بنا رہے تھے۔

شازیہ بتاتی ہیں کہ میں نے اپنے کانٹیکٹس کو ہیکنگ سے بچانے کیلئے اپنی کزن کے واٹس ایپ پر ایک گروپ بنایا اور انہیں بروقت خبردار کیا کہ اگر میرے نمبر سے آپ سے کوئی کوڈ  یا کچھ بھی مانگے تو ہر گز سینڈ نہیں کرنا ان پیغامات کو نظرانداز کرکے کسی بھی قسم کی معلومات فراہم نہ کریں، اس طرح سے میرے کانٹیکٹس ہیکنگ سے محفوظ ہوئے۔ شازیہ کا کہنا تھا پھر بعد میں مجھے پتہ چلا کہ میرے نمبر سے واٹس ایپ لسٹ میں شامل افراد کو ہیکر کی طرف سے پیغامات موصول ہوۓ تھے۔ شازیہ کے مطابق ہیکر کا تعلق بیرونی ملک سے تھا۔  اس واقعہ نے شازیہ کو اس قدر متاثر کیا کہ اس نے اپنا نمبر ہی بند کردیا اور اس کو نئی سم سے نیا واٹس ایپ انسٹال کرنا پڑا۔ شازیہ  نے مزید بتایا میں نے اپنے کانٹیکٹس لسٹ میں شامل افراد کو اپنا ہیک شدہ نمبر واٹس ایپ میں رپورٹ کرنے کو بھی کہا تاکہ ہیکر وہ نمبرمزید استعمال نہ کرسکے۔

 ہیکنگ، غیر یقینی لنکس اور فائلوں کے زریعے ڈیٹا چوری ایک سنگین مسئلہ بن رہا ہے اس حوالے سے ایف آئی اے میں کام کرنے والے ایک آفیسر (سب انسپکٹر) نے ڈی آر ایف کو دی گئی انٹرویو میں بتایا کہ سال 2025 میں پاکستان میں سائبر کرائم میں کل 157,465 شکایات درج کی گئیں ان میں سے 2974 واٹس ہیکنگ اور بے جا استعمال کے معاملات کے متعلق تھے۔ نیشنل سائبر کرائم انویسٹیگیشن نے ان شکایات میں سے 1,032 کی تعداد پر باضابطہ کارروائیاں شروع کی ہے۔

یہ نیشنل سائبر کرائم انویسٹیگیشن کو 2025 میں سال بھر موصول ہونے والے حالیہ عوامی طور پر رپورٹ کردہ اعداد وشمار ہے۔

(این سی سی آئی ای/ ایف آئی اے رپورٹ)

سائبر کرائم کی کل شکایات: 157,465

واٹس ایپ سے متعلق شکایات:2,974

عملی کاروائی شروع: 1,032

پی ٹی اے آفیشل ویب سائٹ پر نیچے دیئے گئے لنک میں دی گئ ہدایات کے مطابق

https://www.facebook.com/share/v/14W7MVAzBE1/

ایسے پیغامات پر ہر گز یقین نہ کریں جن میں انعام اکاونٹ بند ہونے یا آپ سے ذاتی معلومات کی تصدیق  (ویریفیکیشن)کا کہا جائے یاد رکھیں ، یہ فراڈ ہوسکتا ہے۔ فراڈ کے عام طریقے پی ٹی اے، بینک یا کسی سرکاری ادارے کا نمائندہ بن کر ذاتی معلومات طلب کرنا جعلی کوریئر سروسز یا حکومتی سکیموں کے نام استعمال کرکے لوگوں کو جھانسا دینا مشکوک لنکس یا کیو آر کوڈز بھیجنا۔

شکایات درج کروائیں:

complaint.pta.gov.pk

NCCIA 24/7 Helpline1799

complaint.nccia.gov.pk

 اکثر بندہ اپنے کانٹیکٹس پر اعتبار کرکے سٹیٹس لسٹ

 میں شامل کرلیتا ہے جو ان کے پرائیویسی کیلۓ خطرہ بن جاتا ہے۔ اس مسلئے سے پریشان ایک صارف صدف(فرضی نام) نے ڈی آر ایف  سے بات کرتے ہوئے بتایا کہ واٹس ایپ کے فوائد کے ساتھ ساتھ نقصانات بھی ہیں میں اگر فوائد کی بات کروں تو بہت سے ایسے لوگ ہیں جو اپنی فیملی سے دور ہیں اور یہی واٹس ایپ ہے کہ رشتوں کو قریب رکھتا ہے کال، میسجز اور ویڈیو کالز سب آسانی سے کر سکتے ہیں۔  زیادہ تر لوگ اور ایپس یوز نہیں کرتے یا ان کو زیادہ سمجھ نہیں آتی تو واٹس ایپ نے سب کے لیے آسانیاں پیدا کی ہے۔

صدف بتاتی ہیں "جہاں تک بات سٹیٹس پرائیویسی کی ہے تو میں یہ کہنا چاہوں گی کہ زیادہ تر کانٹیکٹس ہم نے ہائیڈ بھی کیے ہوتے ہیں سٹیٹس پر لیکن جن پر ٹرسٹ ہو وہ ہائیڈ نہیں کرتے۔"  صدف نے کہا "اگر اپنی بات کروں تو میں نے سٹیٹس پر اپنے ڈگری لینے کے بیک سائیڈ تصویر اپلوڈ کی تھی اور وہی سے میری ایک فرینڈ نے سکرین شارٹ لے کے اپنی ڈی پی پر لگائی، اس طرح ایک دفعہ اپنے ہاتھ کی تصویر لگائی اور وہ بھی میں نے کسی فرینڈ کی ڈی پی پر دیکھی۔ میں حیران اس بات پر ہوئی کہ نہ اجازت مانگی اور نہ کچھ کہا اور سکرین شاٹ لے کے مزے سے اپنی ڈی پی لگالی۔ لہذا ہم سب کو بہت احتیاط کرنی چاہیے جہاں تک اس کے فائدے ہیں اسی طرح نقصانات بھی ہیں۔

واٹس ایپ سٹیٹس کئی لوگوں کیلے ایک طرح سے ڈیٹا چوری کرنے کا آسان طریقہ ہے کیونکہ واٹس ایپ صارف خود ہر کسی پر اعتبار کرنے پر ہی ڈیٹا لیک ہونے کا شکار ہوجاتے ہیں۔ اس حوالے سے شعبہ صہافت سے تعلق رکھنے والی ناہید جہانگیر جو پچھلے 14 سال سے بطور صحافی کام کررہی ہے نے ڈی آر ایف کو بتایا: اصل میں اگر دیکھا جاۓ تو پڑھے لکھے لوگوں کے علاوہ کچھ غیر تعلیم یافتہ خواتین بھی واٹس ایپ کا استعمال کرتی ہیں اور ان کو زیادہ علم نہیں ہوتا کہ ہمیں خود کو واٹس ایپ پر کس طرح پرائیویٹ رکھنا ہے کون سی چیزیں ہمیں شیئر کرنی ہیں اور کون سی نہیں۔  اگر سٹیٹس لگانا ہو تو ایک پڑھی لکھی خاتون چیزیں سیکور کر لیتی ہیں کہ یہ تمام پبلک کو نظر آئے گا یا کچھ فرینڈز کو لیکن غیر تعلیم یافتہ خواتین پھر ان چیزوں میں فرق نہیں کرسکتی۔

جب کوئی سٹیٹس پر ویڈیو یا اپنی تصویر لگاتا ہے تو بہت سے لوگ ایسے ہوتے ہیں جو ان کو سیو کرتے ہیں یا سکرین شاٹ لے کے منفی طور پر دوسروں کے ساتھ شیئر کرتے ہیں، پھر ہوسکتا ہے کہ وہ لیک ہو اور اس بندی کے لیے مسئلہ بنے۔  ایسا بھی ہے بعض لوگوں کو سمجھ نہیں آتی اور وہ ہر ایک لنک پر کلک کرتے ہیں کیونکہ ایسی خواتین کو زیادہ علم نہیں ہوتا نہ ہی ان کو ڈیجٹل ٹریینگز دی جاتی ہے۔  ناہید جہانگیر نے کہا ہم نے بچیوں اور غیر تعلیم یافتہ خواتین کو بھی موبائل فون پکڑا دیتے ہیں اور وہ اس کا استعمال بھی کرتی ہیں، اپنی گھریلو چیزیں چاہے تصاویر، ویڈیوز یا جو بھی ہو وہ سٹیٹس پر لگا لیتی ہیں۔  ان خواتین کو لنکس کا کچھ زیادہ پتہ نہیں ہوتا کہ یہ سکیم ہے یا کچھ اور وہ اس پر کلک کردیتی ہیں جس سے ان کا ڈیٹا چوری ہو سکتا ہے۔ صحافی ناہید جہانگیر بتاتی ہیں کہ میں واٹس ایپ کے حوالے سے ہر چیز پہ کلک نہیں کرتی اور پرائیویسی بھی لگائی ہوتی ہے اورجو چیزیں ظاہر نہیں کرنا چاہتی تو وہ چیزیں میں سیکور کرلیتی ہوں۔

پرائیوئسی ہرانسان کا بنیادی قانونی حق ہے اس حوالے سے ایڈوکیٹ ہائی کورٹ پشاور عدنان صاحب جو سول اور کریمینل کیسز کیلۓ کام کررہے ہیں نے ڈی آر ایف کو بتایا : "بطور ایڈووکیٹ میرا مؤقف واٹس ایپ ہیکنگ صرف ایک تکنیکی مسئلہ نہیں بلکہ آئینی اور قانونی حقِ پرائیویسی کی خلاف ورزی ہے۔ پاکستان کے آئین کے آرٹیکل 14 کے تحت "انسانی وقار اور گھر کی پرائیویسی" کا تحفظ بنیادی حق ہے۔ جب کسی کا واٹس ایپ اکاؤنٹ ہیک ہوتا ہے تو: ذاتی پیغامات لیک ہو سکتے ہیں تصاویر/ویڈیوز کا بے جا استعمال ہوسکتا ہے۔ بلیک میلنگ کا خطرہ بڑھ جاتا ہے جبکہ مالی فراڈ بھی ہوسکتا ہے یہ تمام اقدامات قابلِ سزا جرائم ہیں۔"

پاکستان میں سائبر کرائم سے متعلق بنیادی قانون ہے PECA2016

Prevention of Electronic Crimes Act 2016 (PECA)

اہم دفعات:

  3 سیکشن ــــ Unauthorized Access

کسی کے ڈیٹا یا اکاؤنٹ تک غیر قانونی رسائی

 سزا: 3 ماہ تک قید یا جرمانہ یا دونوں

سیکشن 4 – Unauthorized Copying/Transmission ڈیٹا چوری یا کاپی کرنا

سزا: 6 ماہ تک قید یا جرمانہ یا دونوں

سیکشن20 – Offences Against Dignity کسی کی عزت کو نقصان پہنچانا

 سزا: 3 سال تک قید اور 10 لاکھ روپے جرمانہ

سیکشن 21 – Offences Against Modesty  نجی تصاویر/ویڈیوز پھیلانا (خاص طور پر خواتین کیلئے)

سزا: 5 سال تک قید اور 50 لاکھ روپے جرمانہ

سیکشن 24 – Cyber Stalking آن لائن ہراسانی

سزا: 3 سال تک قید اور جرمانہ

اگر معاملہ بلیک میلنگ یا فراڈ کا ہو تو تعزیراتِ پاکستان کی دفعات (پی پی سی) بھی لاگو ہو سکتی ہیں

متعلقہ ادارے سائبر سیکیورٹی آگاہی مہمات بڑھائیں

موبائل کمپنیوں کے ساتھ سیکیورٹی پروٹوکول بہتر کریں، اور Two-Factor Authentication (2FA) لازمی کرنے پر زور دیا جاۓ۔ اس کےعلاوہ فوری ریسپانس یونٹ قائم کیا جائے اور عدالتوں میں سائبر کرائم کے کیسز کی جلد سماعت کو یقینی بنایا جاۓ۔

 دنیا بھر میں واٹس ایپ کی مقبولیت بہت زیادہ ہے لیکن پرائیویسی سے متعلق خدشات بھی بھڑ رہے ہے۔ اکثر لنکڈ ڈیوائسز کا بھی خطرہ ہوسکتا ہے۔ متعدد صارفین کے مطابق لنکس یا فائل کھولنے سے ان کے واٹس ایپ کا پورا ڈیٹا ہیک ہوجاتا ہے۔ اب ایسے مشکوک لنکس اور فائلز سے واٹس ایپ صارفین کیسے محفوظ رہ سکتے ہیں۔

اس حوالے سے اسلام آباد کے نجی ادارے میں آرٹیفیشل اینٹیلیجنس (اے آئی) کے میدان میں کام کرنے والے آئی ٹی امور کے ماہر نے ڈی آر ایف کو بتایا واٹس بہت زیادہ سیکیور سوشل میڈیا فلیٹ فارم ہے آج تک اس کے مقابل میں کوئی اور ایپ نہیں بن سکی جس کی اتنی سیکورٹی ہو۔ آج کل کمیونکیشن کے لحاظ سے واٹس ایپ کا کمیونٹی میں بہت زیادہ اثر ہے، اب غیر ملکی کمپنیز بھی واٹس ایپ بزنس فلیٹ فارم پر کام کررہی ہیں۔ انہوں نے بتایا واٹس ایپ پرائیویسی کیلۓ بہترین آپشن ٹو سٹیپ ویریفیکیشن ہے دنیا کے کسی بھی کونے سے آپکے واٹس ایپ پر کوئی بھی کوشش رہا ہو اگر آپ کے نمبر سے اسے او ٹی پی کوڈ بھی چلا جائے اور وہ لاگ ان بھی کرے پھر بھی آپ کے واٹس ایپ تک ایکسس نہیں کر سکتا اور لاگ ان نہیں کر سکتا، کیونکہ وہاں ان سے ٹو سٹیپ ویریفکیشن کوڈ مانگا جائے گا۔ یہ ایک انتہائی مظبوط سیکورٹی ہے جو واٹس ایپ نے لانچ کی ہے۔

انہوں نے بتایا کہ ٹو سٹپ ویریفیکیشن کیلئے واٹس ایپ سییٹنگ میں جاکے اکاونٹ پر کلک کریں وہاں نیچے ٹو سٹیپ ویریفیکیشن آن کر کے 6 ڈیجٹس پین کوڈ درج کریں اور اپنا ای میل ریکوری کیلئے  شامل کریں۔ اگر آپ چھ ڈیجیٹس پین کوڈ بھول جائیں تو اپنا ای میل ریکوری کے لیے ایڈ کرنا ہوگا، میٹا کمپنی ریکوری کیلئے آپ کا پاسورڈ آپ کے ای میل میں بھیجتے ہیں وہاں سے پھر آپ کو ریکور کرنا ہوگا۔  ٹو سٹیپ ویریفیکیشن سیٹینگز میں ای میل ایڈ نہ ہو اور پن کوڈ آپ بھول جائیں تو آپ کا واٹس ایپ ختم اب اس نمبر پر آپ کھبی بھی واٹس ایپ استعمال نہیں کرسکتے اگر آپ وٹس ایپ ختم کرکے کچھ بھی کریں، پھرآن کروگے پھر یہ پن کوڈ مانگا جائے گا کیونکہ ٹو سٹیپ ویرفیکیشن کھبی ختم نہیں ہوتا۔ جن کا ٹو سٹیپ ویریفیکیشن آن نہیں ہوتا ان پر سائبر اٹیکس انتہائی زیادہ ہوتے ہیں جن کا آن ہوتا ہے اب تک دنیا میں ایک بندے کی شکایت نہیں ملی۔ اپنا پن کوڈ کسی کے ساتھ بھی شیئر نہ کریں، اگر کوئی آپ سے  پن کوڈ مانگے تو سمجھو وہ ہیکر/ چورہے جو آپ کا ڈیٹا چوری کرنا چاہتا ہے۔

 آئی ٹی امور کے ماہر نے مزید بتایا کہ ٹو سٹیپ ویریفیکیشن کے بعد بھی اگر کوئی ایسے مسائل کا سامنا کرتا ہے تو واٹس ایپ کا اپنا ہیلپ آپشن موجود ہے وہاں اپنی شکایت درج کرکے اپنا موبائل نمبر دیں میٹا کمپنی کچھ ہی منٹوں میں آپکا مسئلہ حل کردیتے ہیں اور آپ کے ریکوری ای میل پر فورا سے معلومات آتی ہیں اور واٹس ایپ دوبارہ ریکور ہوتا ہے۔ لیکن ٹو سٹیپ ویرفکیشن کے بعد دنیا میں کوئی ایسا ہیکر نہیں جس سے آپکا واٹس ایپ ہیک ہوجائے یہ ناممکن ہے۔

Ayesha Mirza

65-year-old Shehnaz* found herself terrified when her 70-year-old husband threatened to show her intimate photographs and videos to their male helper. Shehnaz agreed to marry him because they were both in old age and needed someone to look after them. Within weeks of the marriage, her partner, who had initially been kind, began abusing and threatening her.

Across the country, thousands of women face similar threats daily from current or former intimate partners. In a patriarchal society like Pakistan, the circulation of intimate content is often treated either as a moral scandal or addressed narrowly through a cybercrime lens, rather than recognised as a grave violation of an individual’s privacy and bodily autonomy. When intimate partners weaponise this data, their aim is to blackmail, harass, coerce, intimidate, and control women who are, or once were, their partners.

When Shehnaz’s husband warned that he would share the videos, she tried to pacify him. She told him that if the content became public, it would bring shame upon him and his children as she was his wife. Her efforts proved futile. Coming from a modest background with little family support, Shehnaz was vulnerable, and her financially well-off husband used this imbalance to intimidate and threaten her. Sensing the growing tension in the household, the househelp, who was married, began making inappropriate advances. The situation quickly escalated when he suggested one day that he and Shehnaz should engage sexually once her husband went to sleep.

The proposition infuriated Shehnaz prompting her to seek legal counsel and take charge of the situation. She deleted the photographs and videos from her husband’s devices, separated from him, and eventually moved to an old-age home.

While Shehnaz was courageous enough to act swiftly and leave, many women across the country are unable to do so. More often than not, their intimate photographs or videos are either online, or they are being incessantly blackmailed, controlled, and coerced by current or former partners.

Gender and digital rights researcher Shmyla Khan, who previously handled the Digital Rights Foundation’s cyber harassment helpline, says, “The mere threat [of having intimate images shared] would have a deleterious impact on people's lives. Many times people would be forced to give into the blackmail and keep speaking to blackmailers. In other cases, it would severely impact their mental health knowing that their images could be shared with their family, friends, and the entire world at any moment.”

What does the law say?

The situation becomes rather complex as most survivors are already under significant pressure due to rigid gender norms and patriarchal notions that ask and force women to  not report such cases. Lawyer Romasa Jami says “it is rare to find formal complaints in such cases, as families often attempt to resolve matters privately or discourage women from reporting.” She notes that she is personally aware of many women who remain trapped in abusive relationships due to blackmail involving intimate content. “Even within marriage, this is not something women feel they can openly discuss with their families,” she adds.

At the same time, other young girls and women are often unaware of the laws regarding cyber harassment and digital abuse, particularly when it comes to threats.

In 2016, the Prevention of Electronic Crimes Act (PECA) was enacted to address cybercrime and gendered digital abuse in Pakistan. It provides a legal framework to combat online exploitation and harassment. In particular, Section 21 criminalises the intentional sharing, transmission, display, or publication of sexually explicit images or videos of an individual without their consent. Such conduct is punishable by imprisonment, a fine, or both.

PECA also addresses situations where explicit images or videos are used as tools of intimidation, harassment, blackmail, or to damage a person’s reputation. In such cases, the law prescribes penalties of up to five years’ imprisonment and/or a fine of up to Rs 5 million. Additionally, the Act criminalises cyberstalking, persistent online harassment, and digital threats, including threats to disseminate intimate images. Through these provisions, PECA seeks to provide legal recourse and protection to victims of technology-facilitated abuse and exploitation.

However, according to Khan, “Most law enforcement agencies have interpreted PECA to cover blackmail, even when images are not shared.” She further adds, “We've observed some cases where a very literal interpretation of Section 21 was taken, where law enforcement agencies turned complainants away, saying that the law only protected them once the images were shared. Ambiguities in the law can often lead to such situations.”

Moralising and criminalising intimate content

Viewing intimate content primarily through a moral and criminal lens complicates matters. Women’s hands remain tied while men continue using such content as a threat to intimidate women, retain control, or coerce them for various reasons.

Advocate and founder of The Jugnu Project, Zohra Ahmed, notes that in many khula and maintenance cases, husbands threaten wives by saying they will share intimate content online if they don’t withdraw their cases. Feminist theorists like Kate Manne and Catharine MacKinnon argue that women who exercise sexual autonomy, by sending private images or engaging in consensual intimacy, even with husbands, are seen as violating the ideal of the “good woman.” Intimate media becomes a ready-made disciplinary weapon because female sexuality is already heavily policed and stigmatised. The power of blackmail or cyber abuse does not lie in the images themselves, but in the social shame attached to them. Public circulation, then, becomes a means of humiliation and the reassertion of male control over women’s bodies.

Women pursuing khula or maintenance are often forced to back down to protect their honour and dignity. Ahmed explains that social stigma around women’s sexuality also influences how such cases are viewed in court. Women frequently withdraw cases particularly where intimate content is involved saying, “I cannot be humiliated in front of my children. I cannot face anyone. I cannot bear this level of disgrace – you can keep everything, I don’t want anything.”

Additionally, younger girls especially hesitate to approach the Federal Investigation Agency (FIA) or the more recently launched National Cyber Crime Investigation Agency (NCCIA). There is a widespread perception among survivors that officers will not take their complaints seriously, that cases will remain pending for years, or worse, that they will be subjected to moral policing, victim-blaming, and shaming as has often been reported in the media. Jami claims that this is a structural problem. She explains that patriarchy is not just embodied by men; it is a mindset that internalises itself among women and runs rampant through the principles and regulations of institutions. It is so deeply ingrained that it surfaces at every stage: while reporting a case, seeking legal counsel, and/or navigating the justice system.

Human rights lawyer Moniza Kakar, however, says that law enforcement agencies such as the NCCIA understand how sensitive these cases are when intimate photographs or videos of women are involved. In her experience, they often act swiftly and assist with immediate content removal adding that social media platforms, too, have at times been cooperative.

Yet the scale of the problem cannot be ignored. Over the last decade, access to digital devices, cellular connections, and the internet has skyrocketed in Pakistan. Mobile phones and internet connectivity, once considered luxuries, are now widely accessible even in rural and remote areas. As of late 2025, nearly 194 million cellular mobile connections were active in the country – equivalent to 75.9% of the total population, according to DataReportal. Internet users stood at 117 million with an online penetration rate of 45.6%. In October 2025, Pakistan had 79.9 million social media user identities, representing 31.2% of the population. Women accounted for only 28.8% of these identities, while men comprised 71.2%.

With the rapid expansion of digital access in Pakistan over the last decade, women now navigate an environment where personal images can travel faster and farther than ever before. This shift has intensified technology-facilitated gender-based violence leaving women vulnerable not only to the non-consensual sharing of intimate images but also to the constant threat of it. For many young women, those threats often materialise into real, physical harms.

Last year, 27-year-old Simran’s* phone began buzzing relentlessly. Gripped by fear, she knew what was happening.

“Since my social media accounts were public, the perpetrator created a fan page and began sharing my intimate photographs and videos in bulk,” she said. “Some of this content included AI-generated deepfakes as well.” He followed everyone she was following including her friends. She describes it as the toughest day of her life.

Despite being a lawyer, Simran felt paralysed. She feared that approaching law enforcement would require surrendering her devices for forensic examination. “I knew they would moral police me,” she said. She was also concerned that, given the nature of her profession, she might have to interact with these institutions professionally in the future – “I did not want them to have access to my data.”

Her case was further complicated by the fact that the perpetrator was based outside Pakistan. Involving local authorities would potentially require cross-border coordination through embassies or foreign agencies. It remains unclear what course of action is available, or whether Pakistani authorities could meaningfully pursue a case like that at all. Many women face similar barriers when perpetrators relocate abroad effectively placing themselves beyond immediate legal reach.

Simran eventually approached a local digital rights organisation. While they assisted with reporting the content to Meta, she describes the process as painfully slow and, at times, demoralising rather than supportive.

After days of delay, Simran decided to gather the perpetrator’s details herself. She discovered that the country he resided in had strict cybercrime and women’s safety laws. She contacted him and warned that she would report him to authorities there. As an immigrant, he panicked. Only then did he remove the content.

“But there is always a fear in my heart. If he does something like this again, what will I do?”

Simran bore severe mental distress throughout the ordeal. Isolated and cut off by her family, she attempted to take her own life. The psychological consequences of such abuse are largely overlooked.

A public spectacle

When intimate content is taken out of context and circulated without consent, it becomes a public spectacle. Online circulation means what was once private is now open to public commentary. Andrea Dworkin, in her 1981 book Pornography: Men Possessing Women, argued that when intimate media is weaponised against women, it undergoes a similar transformation: stripped from its private, consensual context and recast as spectacle. What was once an act of intimacy becomes an instrument of humiliation. Cyber abuse involving intimate images thus operates as a form of involuntary pornography converting private subjects into public sexual objects.

In Pakistan, women’s sexuality is closely tied to family honour. Therefore, the transformation of private intimacy into a public spectacle carries far-reaching consequences. The threat of circulation is not limited to reputational damage online; it can also lead to social punishment and abandonment offline. In some cases, women face the risk of honour-based violence and forced marriage. Under such circumstances, even approaching legal counsel or law enforcement feels like a risk. If the response is blame rather than support, the distress and trauma intensifies.

These social consequences are also reflected in how the law conceptualises such harm. Khan points out that Section 21 of PECA, which deals with “offences against modesty of a natural person,” reflects this framing. “A feminist reading of the section would reveal that the law frames it as a moral issue,” she says. “Furthermore, given that Section 20, dealing with criminal defamation, is still on the books, it shows that PECA overall continues to see these crimes from a reputational lens.”

Legal and policy loopholes

While misinterpretation of the law is one issue, there are also clear structural loopholes. Ahmed explains that these gaps are particularly evident in cases where women have consensually shared intimate images with partners. “If someone possesses your intimate photos or videos but has neither shared them nor explicitly threatened to do so, you have little legal recourse,” says Ahmed. “If you ask them to delete the content and they refuse, you cannot necessarily file a case against them under PECA. Since they are not actively defaming you, threatening you, or disseminating the material, the situation may fall outside the law’s scope,” she explains. This leaves women trapped in a state of persistent fear with no legal mechanism to compel the deletion of their private content.

Ahmed further notes that even when intimate content is shared online, authorities can do little more than request takedowns from social media platforms. If a company refuses to remove the material, particularly if it does not consider the content to violate its global policies, there is limited leverage available to Pakistani institutions.

Khan explains that one of the biggest obstacles lies in culturally varying definitions of intimacy. For platforms largely headquartered in the Global North, “intimate” often means explicitly sexual. In Pakistan, however, content does not have to be overtly explicit to cause severe harm. A photograph considered benign elsewhere can trigger devastating social consequences here, Khan adds. Simran and Ahmed reiterated similar concerns about the lens with which global platforms design policies around intimate content and violations. For instance, if a woman shares a fully clothed photo of herself online, something widely accepted in many contexts, may still be frowned upon in conservative households where women are discouraged from sharing any kind of image publicly. Even seemingly mild displays of intimacy, such as a couple holding hands or hugging, can become grounds for stigma or coercion if such images circulate.

“Additionally, social media companies often can't account for different languages or are inadequately geared towards different ways in which intimate images can be abused without consent. For instance, [if] someone's images have been disseminated at a mass level, reporting is a very cumbersome process if one has to report each and every instance,” Khan adds. If content circulates through private messages, it is nearly impossible to contain. Moreover, moderation decisions are increasingly automated and non-transparent making it difficult to challenge removals or refusals, explains Khan.

Meta, TikTok, and X all formally prohibit the sharing of non-consensual intimate imagery including AI-generated content. Meta states that it removes such material when reported and uses detection tools to prevent re-uploads. TikTok’s Community Guidelines similarly ban non-consensual intimate images and say the platform relies on automated systems and partnerships to identify and remove violations. X prohibits posting intimate media without consent and may remove the content or suspend accounts that share it.

However, platforms generally only act when content is reported. There is no proactive identification of such content. Enforcement is opaque and reporting mechanisms may require identity verification, which can discourage survivors. Jami also adds that “these processes are often very technical” and not user-friendly. Crucially, there is little guarantee that reported content will be removed globally unless it clearly violates the platform’s terms or relevant law.

Moving towards accountability and reform

Simran pointed out that there should be mechanisms that exist locally. “Law enforcement agencies often view these cases through a morality or obscenity model,” says Simran. Shame becomes attached to the woman. “PECA was introduced to deal with cybercrime, and numerous laws have been passed, yet there is no dedicated domestic law that categorises the sharing of intimate content non-consensually as a form of gender-based violence.”

Jami echoed Simran’s concern adding that the issue is often viewed as a moral violation rather than a human rights violation. When cases are assessed through a moral lens, survivors themselves are judged, especially if they had initially shared images consensually. What is needed instead is protection of bodily autonomy and safeguards against the non-consensual use of intimate content. A morality-based approach creates loopholes, she explains.

Simran added that “while the NCCIA has been established to address cybercrime, questions remain about the criteria used to appoint officials to handle such sensitive cases. Are they trained to engage with survivors in a trauma-informed manner? Do they understand how to deal with victims without reinforcing stigma?”

Khan says that, “Unfortunately, we tend to look at safeguards merely from a criminal law lens, which has meant that anyone looking to guard themselves from such abuse has to file a criminal complaint and go through the criminal justice system, which as many women and gender minorities report, is quite hostile towards them. We must advocate for holistic approaches to addressing the issue, victims and survivors must have access to psycho-social support, including safe and adequate shelter homes, mental health support, peer support communities and tools to control their images that are grounded in a survivor-centric approach and which center their consent, privacy and dignity.”

“Revenge porn is the easiest way to silence women,” says Simran. In a society steeped in patriarchy and misogyny, and in a landscape where digital media usage continues to expand, threats to release women’s intimate content do not remain confined to the online sphere. They shape women’s lives offline subjecting them to psychological distress, harassment, blackmail, intimidation, and coercion.

Khan notes that when PECA was enacted, “activists advocated for drafting in collaboration with civil society and taking a human rights and survivor-centric approach.” It is not too late to revisit that demand. Pakistani authorities must acknowledge the gaps in the law as well as the limitations in holding global social media platforms accountable and work to bridge them to ensure women’s safety, dignity, and autonomy. Above all, the threat or dissemination of intimate content must not be treated merely as a moral or criminal issue, but as a violation of bodily autonomy and fundamental human rights.

Names have been changed to protect the source’s identity due to safety concerns.