In another week of grimly tragic news and moral failings by the powerful, it’s good to know you can at least count on the little things, like the “privacy-focused” search engine and browser DuckDuckGo, that resist the temptation to sell and help corporations monitor their users. Oh, wait.
Yes, a security researcher revealed this week that even DuckDuckGo, which bills itself as “the privacy company on the Internet,” made an exception for its business partner Microsoft in its browser’s blocking of ad trackers on some websites, prompting accusations that it betrayed its alleged ethos of privacy. DuckDuckGo’s milkshake avoidance comes amid growing awareness of how the stakes of online surveillance are rising as signs mount that the US Supreme Court will overturn Roe v. Wade’s protection of abortion rights: A new report this week from the Surveillance Technology Oversight Project lays out all the technological means available to law enforcement and private parties to monitor those seeking abortions, should Roe be struck down. And more than 40 members of Congress have called on Google to stop tracking location data on Android before a potential Roe reversal.
In other privacy news, we looked at how the European Union’s General Data Protection Regulation has failed to meaningfully curb Big Tech’s privacy abuses four years after its adoption. Digital driving licenses in Australia are proving too easy to forge. China rattles guns with accusations of US cyber-espionage. We spoke to the inventor of the browser cookie about how to deal with cookie privacy settings – and those ubiquitous cookie-related pop-ups on websites. And we also interviewed the CEO of Protonmail, now rebranded as just Proton, about its ambitions to offer a wider range of privacy-focused services beyond email – hopefully without, ahem, monitoring exceptions for its business partners.
But there is more. As usual, we’ve rounded up all the news we haven’t reported or covered in depth this week. Click on the headlines to read the full stories. And stay safe out there.
Cybersecurity and privacy researcher Zach Edwards discovered a glaring hole in the privacy protections of DuckDuckGo’s supposedly privacy-focused browser: By examining the browser data streams of the Facebook-owned website Workplace.com, Edwards found that tracking scripts placed by Microsoft continued to communicate back to Microsoft-owned domains such as Bing and LinkedIn. DuckDuckGo CEO Gabriel Weinberg responded to Edwards on Twitter, acknowledging that “our search syndication agreement prevents us from loading Microsoft-owned scripts” — essentially acknowledging that a partnership deal DuckDuckGo struck with Microsoft involves creating a partition that allows Microsoft to track users of its browsers. Weinberg added that DuckDuckGo is “working to change that.” (A company spokesperson reiterated in an email to WIRED Weinberg’s claim that none of this applies to DuckDuckGo search, adding that both its search and its browser offer more privacy protections than the competition.) Meanwhile, the revelation blew a clear hole in the company’s reputation as the rare tech firm that preserves privacy. It turns out that it’s pretty hard to escape this surveillance capitalism.
Staying on that theme of surveillance capitalism, Twitter agreed this week to pay a $150 million fine after the Federal Trade Commission and the US Department of Justice accused it of selling user data it collected under the guise of security. Twitter asked users to share email and phone numbers for security purposes, such as two-factor authentication and account recovery, but eventually sold the data to advertisers who wanted to target ads to its users. That bait-and-switch violated a settlement Twitter reached with the FTC in 2011 after an earlier privacy breach.
If the world had any doubts that China’s “re-education camps” for Muslim minorities in its Xinjiang region are actually prisons with euphemistic names, a massive leak known as the Xinjiang Police Files should correct that misconception. The leak, provided by an unknown source to researcher Adrian Zenz, who in turn released the information to a global media group, includes a massive collection of tens of thousands of internal files, manuals and even detailed photographs revealing life inside one of Xinjiang’s prisons. The files reveal, for example, shoot-to-kill orders for any inmate who tried to escape the camps and guidelines for shackling inmates as they were transferred between different parts of the facility — hardly the practices of a “vocational school,” as China has described the camps to the world. It also includes photographs of the camp’s detainees, who ranged in age from 15 to 73, often jailed for years without trial for crimes as simple as studying Islamic texts.
In a strange repeat of events from 2016, researchers at Google and the UK government revealed that a site publishing leaked documents from a group of British Brexit-supporting politicians was actually created by Russia-based hackers. The site, called Very English Coop d’Etat, describes its collection of leaked emails as coming from an influential group of hard-line right-wing Brexit supporters, including former MI6 chief Richard Dearlove. But Google’s threat analysis group told Reuters the site appears to have been created by a Russian hacking group it calls Cold River. Former UK intelligence chief Dearlove warned that the leak of his emails should be understood as a Russian influence operation, especially given the West’s current frosty relationship with Russia over its illegal and unprovoked invasion of Ukraine.
A casually unsealed warrant spotted by Forbes revealed that an Iraqi man tried to assassinate former President George W. Bush in Dallas, going so far as to videotape Bush’s home in November. According to the warrant, the FBI claims it foiled the plot by using a confidential informant and monitoring the metadata of the would-be killer’s WhatsApp messages. The case shows how, despite law enforcement claims that end-to-end encryption could hamper investigations, the FBI was able to monitor encrypted apps like WhatsApp and even hack into their communications through the use of undercover informants.