this post was submitted on 12 Mar 2025
Paywall bypass: http://archive.today/2025.03.12-170136/https://www.404media.co/the-200-sites-an-ice-surveillance-contractor-is-monitoring/
The list: https://archive.ph/o/Lldzh/https://docs.google.com/spreadsheets/d/1VyAaJaWCutyJyMiTXuDH4D_HHefoYxnbGL9l02kyCus/edit?usp=sharing&ref=404media.co
It doesn’t appear to have any fediverse instances, unless you want to count Threads. It does have ProtonMail & Signal; I wonder what that actually means.
Thanks for the list. Unfortunately, they list "Fediverse" which likely means they're scraping ActivityPub. They're also going after your Steam account, Twitch, YouTube, and porn.
In other words, this is so much worse than the headline makes it out to be.
Surprisingly, Reddit is NOT on the list.
Here's the full list of names:
4chan Archives
Discord Archives
21Buttons
500px
about.me
AllMyLinks
AllTrails
Amazon
Ameba
Amino
AnimePlanet
Apple Music
Artists&Clients
Asciinema
AudioJungle
AudiUSA
BabyCenter
Baidu
BeReal
Bigo Live
Bing
Biolink
BitChute
BlackPlanet
Blogger
Bluesky
Bodybuilding
BookCrossing
Breaches
BuyMeACoffee
Cash App
CastingCall Club
Chaturbate
Chess.com
Cigar Dojo
CityXGuide
CloutHub
Cocolog
Companies House
Cozy.tv
Cracked
Creema
Dailymotion
Danbooru
Dark Web
DeepL
DeviantArt
Disqus
DLive
Dot.cards
Douyin
Drum
DuckDuckGo
Duolingo
E621
eBay
Eporner
Etsy
Facebook
Fansly
FastPeopleSearch
Fediverse (likely ActivityPub - possibly DMs between servers)
FetLife
Fiverr
Flickr
FlightAware
Foursquare
FriendFinder
FurAffinity
Gab
Gaia Online
GameFAQs
Gelbooru
GeneralMotors
Geocaching
GeoEstimation
Gettr
Giphy
GitHub
Glassdoor
GoFundMe
Goo
Google
Goodreads
Gravatar
Guancha
GunBroker
Habbo
Hackaday
Hatena
Honda
Hubski
ILoveGrowingMarijuana
ImageShack
Imgur
IMVU
Indeed
Instagram
Instructables
JudyRecords
Jugem
JustForFans
Keybase
Kick
Kik
Last.fm
LibraryThing
Lichess
Likee
Line
LinkedIn
Linktree
LiveIn
LiveJournal
Lobsters
Mail.ru
Malgari
MapMyTracks
Marshmallow
MarTech
Massage Anywhere
Medium
MeetMe
Mercari Jp
MeWe
Minds
Minecraft
Mix
Mixlr
ModDB
Mughosts
MyFitnessPal
Myspace
MySubaru
Naijapals
Nextdoor
NissanUSA
Odysee
OFAC Sanctions List
OkCupid
OK.ru
OnlyFans
Pandia
Pandora
Passes
Pastebin
Patreon
PayPal
PCGamer
Peloton
PGP
Pinterest
Plurk
Poal
Popl
Pornhub
Poshmark
Product Hunt
ProtonMail
PSNProfiles
Reblogme
Reddit
RedGifs
Replit
ReverbNation
Roblox
Rule34.xxx
Rumble
Rutube
ScoutWiki
Seesaa
Seneporno
Signal
SkipTheGames
Skype
SlideShare
Snapchat
Sogou
SoundCloud
SourceForge
Spiceworks
Spotify
Sprashivai
Steam (fuck off you fucking fucks)
StellantisEU
StellantisUSA
Strava
Stripchat
Substack
TechNet
Telegram
Tellows
Tesseract OCR
Threads
TikTok
Tinder
TinEye
ToyotaUSA
Trakt
Triller
TripAdvisor
TrueCaller
TruthSocial
Tumblr
Twilio
Twitch
Twitter
Untappd
Venmo
VidLii
Vimeo
Vine
VirusTotal
VK
Volkswagen
VSCO
WatchMeMore
Weibo
WhatsApp
Wire
Wordfeud
Xbox
xHamster
XING
XVideos
Yahoo
Yandex
Yappy
YCombinator
Yelp
YouTube
Zhihu
Zillow
ZoneH
Reddit is right there in your list.
Also:
Thanks. Brings back memories.
If they’re slurping all these other sites, I highly doubt they’re not slurping Reddit, too, even if it’s not on the list.
They would have to hack the individual servers to get at the DMs, because they’re encrypted in transit. All the public stuff is trivial to scrape.
Nope, ActivityPub DMs are not encrypted between servers - if it's on the feed, it's public - or at least it was as of six months ago. I found this out when I attached a WordPress site to a Mastodon instance and suddenly found I could read anyone's DMs to users on other servers. Totally unencrypted. I actually paused development and working with ActivityPub because of it.
This doesn't mean that messages to users on the same server are necessarily exposed, but the potential is there if you don't have a filter for local publishing only engaged on your Mastodon instance.
It is insofar as TLS/SSL/HTTPS encryption is used in transit. That’s what I mean by encrypted in transit.
If you’re an administrator for (WordPress) ActivityPub server A, you can see all the DMs coming to and leaving from your server, yes. And they’re not encrypted at rest, so you can read them any time. But how would you see DMs going between server B and server C, when your server isn’t involved in the transaction?
It apparently scrapes everything on the public feed. So when I subscribed to users on Mastodon server A from WordPress, DMs from Mastodon server A going to Mastodon server B became visible.
I had a separate account on Mastodon server A to confirm that I couldn't see these DMs as a Mastodon user on server A, and that the WordPress scrape was grabbing messages normally not meant for public view.
This was using the ActivityPub plugin for WordPress about six months ago.
EDIT: I should be clear that I was as surprised as the other commentators that the DMs weren't encrypted and that I could see them at all through a 3rd party software. I did NOT see DMs between local users - only cross-instance.
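As an added illustration (not code from any commenter or from the WordPress ActivityPub plugin): an ActivityPub "DM" is an ordinary object whose `to`/`cc` fields name specific actors instead of the Public collection, and its `content` is readable JSON once TLS is terminated, so it is the receiving software that has to keep it off public pages. The sketch below follows the Mastodon-style addressing convention; the function names, the followers URL and the `a.example`/`b.example` hosts are assumptions.

```python
# Added example: audience of an ActivityPub object, derived from to/cc the way
# Mastodon-compatible servers conventionally do. All sample data is constructed.
PUBLIC = "https://www.w3.org/ns/activitystreams#Public"
PUBLIC_ALIASES = {PUBLIC, "as:Public", "Public"}  # forms seen after JSON-LD compaction

def _as_set(value):
    """to/cc may be absent, a single string, or a list of strings."""
    if value is None:
        return set()
    return {value} if isinstance(value, str) else set(value)

def visibility(obj, followers_url=None):
    """Return 'public', 'unlisted', 'followers-only' or 'direct'."""
    to, cc = _as_set(obj.get("to")), _as_set(obj.get("cc"))
    if to & PUBLIC_ALIASES:
        return "public"
    if cc & PUBLIC_ALIASES:
        return "unlisted"
    if followers_url and followers_url in (to | cc):
        return "followers-only"
    return "direct"  # includes objects with no addressing at all (fail closed)

def may_show_on_public_page(obj, followers_url=None):
    """Gate a receiving server would apply before rendering or re-serving an object."""
    return visibility(obj, followers_url) in {"public", "unlisted"}

# Constructed sample objects; a.example / b.example are placeholder hosts.
ALICE = "https://a.example/users/alice"
FOLLOWERS = ALICE + "/followers"
BOB = "https://b.example/users/bob"
SAMPLES = {
    "public": {"type": "Note", "attributedTo": ALICE, "to": [PUBLIC],
               "cc": [FOLLOWERS], "content": "<p>hello fediverse</p>"},
    "unlisted": {"type": "Note", "attributedTo": ALICE, "to": [FOLLOWERS],
                 "cc": PUBLIC, "content": "<p>quiet post</p>"},
    "followers-only": {"type": "Note", "attributedTo": ALICE, "to": [FOLLOWERS],
                       "content": "<p>for followers</p>"},
    "direct": {"type": "Note", "attributedTo": ALICE, "to": [BOB], "cc": [],
               "content": "<p>@bob readable JSON, not ciphertext</p>"},
}

if __name__ == "__main__":
    for label, note in SAMPLES.items():
        print(label, visibility(note, FOLLOWERS), may_show_on_public_page(note, FOLLOWERS))
```

An object with no `to`/`cc` at all, or one checked without knowing the author's followers URL, falls through to `direct` and is withheld from public display.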
What are they gonna do? Download gibberish?! Lol, it's all end-to-end encrypted with the decryption keys stored locally.
Maybe they got access to a backdoor.
.............If that is the case, I...am concerned. o_o
I mean Sweden asked for a backdoor recently, maybe they're jealous of the US lol
Probably just whatever the public metadata is. Metadata is super powerful, especially if you have a lot of it. If the email was ProtonMail to ProtonMail they will get nothing. If it's Gmail to ProtonMail they will know that user X is talking to user Y in Gmail. They will also have the email header information, which is basically just going to be clear text. So they can still ascertain who you know, who you are talking about, and maybe a bit about what the conversation has to do with.
Aww man seriously DuckDuckGo is on the list? Ugh... Welp, does anyone know of any good alternatives? (I hear Ecosia's not half-bad...)
DuckDuckGo is not the problem. They are using publicly scrapable information. So for instance, if they have fingerprinted your device, they see you go to DuckDuckGo, then they see you access a site about buying guns, and it becomes trivial to determine what you searched for. They would not have direct access to what you search on DuckDuckGo, and DuckDuckGo is not giving them access. They are using various methods to collect data based on habits. You can use literally any service you want and they could do the same thing.