Privacy-focused company DuckDuckGo is launching a tool to remove data from people-search websites, a VPN, and an identity theft restoration service.

For more than a decade, DuckDuckGo has rallied against Google’s extensive online tracking. Now the privacy-focused web search and browser company has another target in its sights: the sprawling, messy web of data brokers that collect and sell your data every single day.

Today, DuckDuckGo is launching a new browser-based tool that automatically scans data broker websites for your name and address and requests that they be removed. Gabriel Weinberg, the company’s founder and CEO, says the personal-information-removal product is the first of its kind where users don’t have to submit any of their details to the tool’s owners. The service will make the requests for information to be removed and then continually check if new records have been added, Weinberg says. “We’ve been doing it to automate it completely end-to-end, so you don't have to do anything.

The personal-information removal is part of DuckDuckGo’s first subscription service, called Privacy Pro, and is bundled with the firm’s first VPN and an identity-theft-restoration service. Weinberg says the subscription offering, which is initially available only in the US for $9.99 per month or $99.99 per year, is part of an effort to add to the privacy-focused tools it provides within its web browser and search engine. “There’s only so much we can do in that browsing loop, there's things happening outside of that, and a big one is data brokers, selling information scraped from different places,” Weinberg says.

The data broker industry is a far-reaching, $200-plus billion market, which collects, buys, and sells as much information as it can. A lack of comprehensive privacy laws in the US allows companies to easily trade everything from people’s names and addresses to financial data and specific GPS coordinates gathered from your phone. (The recently proposed American Privacy Rights Act, if passed, would create a new registry of data brokers and give people some European-style privacy rights).

DuckDuckGo’s personal-information-removal tool—for now, at least—is taking the privacy fight to people-search websites, which allow you to look up names, addresses, and some details of family members. However, Weinberg says DuckDuckGo has created it so the company isn’t gathering details about you, and it is built on technology from Removaly, which the company acquired in 2022.

Ahead of its launch, the company demonstrated how the system works and some of the engineering efforts that went into its creation. On the surface, the removal tool is straightforward: You access it through the company’s browser and enter some information about yourself, such as your name, year of birth, and any addresses. It then scans 53 data broker websites for results linked to you and requests those results to be wiped. (All 53 data brokers included have opt-out schemes that allow people to make requests.) A dashboard shows updates about what has been removed and when it will next scan those websites again, in case new records have been added.

Under the hood, things are more complex. Greg Fiorentino, a product director at DuckDuckGo, says when you enter your personal data into the system, it’s all saved in an encrypted database on your computer (the tool doesn’t work on mobile), and the company isn’t sent this information. “It doesn't go to DuckDuckGo servers at all," he says.

For each of the data brokers’ websites, Fiorentino says, DuckDuckGo looked at its URL structure: For instance, search results may include the name, location, and other personal information that are queried. When the personal information tool looks for you on these websites, it constructs a URL with the details you have entered.

“Each of the 53 sites we cover has a slightly different structure,” Fiorentino says. “We have a template URL string that we substitute the data in from the user to search. There are lots of different nuances and things that we need to be able to handle to actually match the data correctly.”

During testing, the company says, it found most people have between 15 and 30 records on the data broker sites it checks, although the highest was around 150. Weinberg says he added six addresses to be removed from websites. “I found hits on old stuff, and even in the current address, which I really tried to hide a bit from getting spam at, it’s still out there somehow,” Weinberg says. “It’s really hard to avoid your information getting out there.”

Once the scan for records has been completed, the DuckDuckGo system, using a similar deconstruction of each of the data broker websites, will then automatically make requests for the records to be removed, the team working on the product say. Fiorentino says some opt-outs will happen within hours, whereas others can take weeks to remove the data. The product director says that in the future, the tool may be able to remove data from more websites, and the company is looking at potentially including more sensitive data in the opt-outs, such as financial information.

Various personal-information-removal services exist on the web, and they can vary in what they remove from websites or the services they provide. Not all are trustworthy. Recently, Mozilla, the creator of the Firefox browser, stopped working with identity protection service Onerep after investigative journalist Brian Krebs revealed that the founder of Onerep also founded dozens of people-search websites in recent years.

DuckDuckGo’s subscription service marks the first time the company has started charging for a product—its browser and search engine are free to use, and the firm makes its money from contextual ads. Weinberg says that, because subscriptions are purchased through Apple’s App Store, Google Play, or with payment provider Stripe, details about who subscribes are not transferred to DuckDuckGo’s servers. A random ID is created for each user when they sign up, so people don’t have to create an account or hand DuckDuckGo their payment information. The company says it doesn’t have access to people’s Apple IDs or Google account details.

For its identity-theft-restoration service, DuckDuckGo says it is working with identity protection service Iris, which uses trained staff to help with fraudulent banking activity, document replacement, emergency travel, and more. DuckDuckGo says no information is shared between it and Iris.

Weinberg says that while the company’s main focus is providing free and easy-to-use privacy tools to people, running a VPN and the removal tool requires a different business model. “It just takes a lot of bandwidth,” he says of the VPN.

Broadly, the VPN industry, which allows people to hide their web traffic from internet providers and avoid geographic restrictions on streaming, has historically been full of companies with questionable records when it comes to privacy and people’s data. Free VPNs have long been a privacy nightmare.

DuckDuckGo says its VPN, which it built in-house and which uses the WireGuard protocol, does not store any logs of people’s activities and can be used on up to five devices at once. “We don’t have any record of website visits, DNS requests, IP addresses connected, or session lengths,” the company says in its documentation. The VPN runs through its browser, with 13 location options at launch, but shields all internet traffic passing through your phone or computer.

The company says it is conducting a third-party audit of the VPN to allow its claims to be scrutinized, and it will publish the full audit once it’s complete. “We really wanted to do something in the VPN space for a long time, we just didn't have the resources and people to do it,” Weinberg says. “We looked at partnering in different places. If we have to completely trust a partner versus building something where we can make it anonymous, we decided we would want to do it ourselves.”

DuckDuckGo Is Taking Its Privacy Fight to Data Brokers

An attempt to reauthorize Section 702, the so-called crown jewel of US spy powers, failed for a third time in the House of Representatives after former president Donald Trump criticized the law.

For the third time since December, House Speaker Mike Johnson has failed to wrangle support for reauthorizing a critical US surveillance program, raising questions about the future of a law that compels certain businesses to wiretap foreigners on the government’s behalf.

Johnson lost 19 Republicans on Tuesday in a procedural vote that traditionally falls along party lines. Republicans control the House of Representatives but only by a razor-thin margin. The failed vote comes just hours after former US president Donald Trump ordered Republicans to “Kill FISA” in a 2 am post on Truth Social, referring to the Foreign Intelligence Surveillance Act, under which the program is authorized.

The Section 702 surveillance program, which targets foreigners overseas while sweeping up a large amount of US communications as well, is set to sunset on April 19. The program was extended by four months in late December following Johnson’s first failed attempt to hold a vote.

Congressional sources tell WIRED they have no idea what the next steps will be.

The program itself will carry on into the next year, regardless of whether Johnson manages to muster up another vote in the next week. Congress does not directly authorize the surveillance. Instead, it allows the US intelligence services to seek “certifications” from a secret surveillance court on a yearly basis.

The Justice Department applied for new certifications in February. Last week, it announced they’d been approved by the court. The government’s power to issue new directives under the program without Congress’s approval, however, remains in question.

The certifications, which are required only due to the “incidental” collection of US calls, generally permit the program’s use in cases involving terrorism, cybercrime, and weapons proliferation. US intelligence officials have also touted the program as crucial in combating the flood of fentanyl-related substances entering the US from overseas.

The program remains controversial due to a laundry list of abuses committed primarily at the Federal Bureau of Investigation, which maintains a database that holds a portion of the raw data collected under 702.

Although the government says it only “targets” foreigners, it has acknowledged collecting a large amount of US communications in the process. (The actual amount, it says, is impossible to calculate.) Nevertheless, it claims that once those communications are in the government’s possession, it is constitutional for federal agents to review those wiretaps without a warrant.

An unlikely coalition of progressives and conservative lawmakers formed last year in a push to end these warrantless searches, many of the Republicans involved vocal critics of the FBI following its misuse of FISA to target a Trump campaign staffer in 2016. (The 702 program, which is only one part of FISA, was not implicated in that particular controversy.)

Privacy experts have criticized proposed changes to the Section 702 program championed by members of the House Intelligence Committee, as well as Johnson, who had previously voted in favor of a warrant requirement despite now opposing it.

“It seems Congressional leadership needs to be reminded that these privacy protections are overwhelmingly popular,” says Sean Vitka, policy director at Demand Progress, a civil liberties–focused nonprofit. “Surveillance reformers remain willing and able to do that.”

A group of attorneys—among the few to ever present arguments before the Foreign Intelligence Surveillance Court—said in a statement on Tuesday that an amendment offered up by the Intel committee risked dramatically increasing the number of US businesses forced to cooperate with the program.

Declassified filings released by the FISA court last year revealed that the FBI had misused the 702 program more than 278,000 times, including, as reported by _The Washington Post_, against “crime victims, January 6 riot suspects, people arrested at protests after the policing killing of George Floyd in 2020 and—in one case—19,000 donors to a congressional candidate.”

James Czerniawaski, a senior policy analyst at Americans for Prosperity, a Washington, DC, think tank pushing for changes to Section 702, says that despite recognizing its value, it remained a “troubled program” in need of “significant and meaningful reforms.”

“The outcome of today was completely avoidable,” he says, “but it requires the Intelligence Community and its allies to recognize that its days of unaccountable and unconditional spying on Americans are over.”

Trump Loyalists Kill Vote on US Wiretap Program

Some companies let you opt out of allowing your content to be used for generative AI. Here’s how to take back (at least a little) control from ChatGPT, Google’s Gemini, and more.

If you’ve ever posted something to the internet—a pithy tweet, a 2009 blog post, a scornful review, or a selfie on Instagram—it has most likely been slurped up and used to help train the current wave of generative AI. Large language models, like ChatGPT, and image creators are powered by vast reams of our data. And even if it’s not powering a chatbot, the data can be used for other machine-learning features.

Tech companies have scraped vast swathes of the web to gather the data they claim is needed to create generative AI—with little regard for content creators, copyright laws, or privacy. On top of this, increasingly, firms with reams of people’s posts are looking to get in on the AI gold rush by selling or licensing that information. Looking at you, Reddit.

However, as the lawsuits and investigations around generative AI and its opaque data practices pile up, there have been small moves to give people more control over what happens to what they post online. Some companies now let individuals and business customers opt out of having their content used in AI training or being sold for training purposes. Here’s what you can—and can’t—do.

**There’s a Limit**

Before we get to how you can opt out, it’s worth setting some expectations. Many companies building AI have already scraped the web, so anything you’ve posted is probably already in their systems. Companies are also secretive about what they have actually scraped, purchased, or used to train their systems. “We honestly don't know that much,” says Niloofar Mireshghallah, a researcher who focuses on AI privacy at the University of Washington. “In general, everything is very black-box.”

Mireshghallah explains that companies can make it complicated to opt out of having data used for AI training, and even where it is possible, many people don’t have a “clear idea” about the permissions they’ve agreed to or how data is being used. That’s before various laws, such as copyright protections and Europe’s strong privacy laws, are taken into consideration. Facebook, Google, X, and other companies have written into their privacy policies that they may use your data to train AI.

While there are various technical ways AI systems could have data removed from them or “unlearn,” Mireshghallah says, there’s very little that’s known about the processes that are in place. The options can be buried or labor-intensive. Getting posts removed from AI training data is likely to be an uphill battle. Where companies are starting to allow opt-outs for future scraping or data sharing, they are almost always making users opt-in by default.

“Most companies add the friction because they know that people aren’t going to go looking for it,” says Thorin Klosowski, a security and privacy activist at the Electronic Frontier Foundation. “Opt-in would be a purposeful action, as opposed to opting out, where you have to know it’s there.”

While less common, some companies building AI tools and machine learning models don't automatically opt-in customers. “We do not train our models on user-submitted data by default. We may use user prompts and outputs to train Claude where the user gives us express permission to do so, such as clicking a thumbs up or down signal on a specific Claude output to provide us feedback,” says Jennifer Martinez, a spokesperson for Anthropic. In this situation, the most recent iteration of the company’s Claude chatbot is built on public information online and third-party data—content people posted elsewhere online—but not user information.

The majority of this guide deals with opt-outs for text, but artists have also been using “Have I Been Trained?” to signal their images shouldn't be used for training. Run by startup Spawning, the service allows people to see if their creations have been scraped and then opt out of any future training. “Anything with a URL can be opted out. Our search engine only searches images, but our browser extension lets you opt out any media type,” says Jordan Meyer, cofounder and CEO of Spawning. Stability AI, the startup behind a text-to-image tool called Stable Diffusion, is among companies that say they are honoring the system.

The list below only includes companies currently with an opt-out process. For example, Microsoft’s Copilot does not offer users with personal accounts the option to have their prompts not used to improve the software. “A portion of the total number of user prompts in Copilot and Copilot Pro responses are used to fine-tune the experience,” says Donny Turnbaugh, a spokesperson for Copilot. “Microsoft takes steps to deidentify data before it is used, helping to protect consumer identity.” Even if the data is deidentified, privacy-minded users may want more potential control over their information.

**How to Opt Out of AI Training**

Adobe

Adobe via Matt Burgess

If you store your files in Adobe’s Creative Cloud, the company may use them to train its machine-learning algorithm. “When we analyze your content for product improvement and development purposes, we first aggregate your content with other content and then use the aggregated content to train our algorithms and thus improve our products and services,” reads the company’s FAQ. This doesn’t apply to any files stored only on your device.

If you’re using a personal Adobe account, it’s easy to opt out. Open up Adobe’s **privacy page**, scroll down to the **Content analysis** section, and click the toggle to turn it off. For business or school accounts, the opt-out process is not available on the individual level, and you’ll have to reach out to your administrator.

Amazon: AWS

AI services from Amazon Web Services, like Amazon Rekognition or Amazon CodeWhisperer, may save customer data to improve the company’s tools. Head’s up, this is the most complicated opt-out process included in the roundup, so you likely need help from an IT professional at your company or an AWS representative to perform it successfully. Outlined on this support page from Amazon, the process includes enabling the option for your organization, creating a policy, and attaching that policy where necessary.

Google: Gemini

For users of Google’s chatbot, Gemini, conversations may sometimes be selected for human review to improve the AI model. Opting out is simple, though. Open up Gemini in your browser, click on **Activity**, and select the **Turn Off** drop-down menu. Here you can just turn off the Gemini Apps Activity, or you can opt out as well as delete your conversation data. While this does mean in most cases that future chats won’t be seen for human review, already selected data is not erased through this process. According to Google’s privacy hub for Gemini, these chats may stick around for three years.

Grammarly

Grammarly does not currently offer an opt-out process for personal accounts, but self-serve business accounts can choose to opt out from having their data used to train Grammarly’s machine-learning model. Turn it off by opening up your **Account Settings**, clicking on the **Data Settings** tab, and toggling off **Product Improvement & Training**. If you have a managed business account, which includes accounts for classroom education and accounts bought through a Grammarly sales representative, you are automatically opted out from AI model training.

HubSpot

HubSpot, a popular marketing software, automatically uses data from customers to improve its machine-learning model. Unfortunately, there’s not a button to press to turn off the use of data for AI training. You have to **send an email** to privacy@hubspot.com with a message requesting that the data associated with your account be opted out.

OpenAI: ChatGPT and Dall-E

OpenAI via Matt Burgess

People reveal all sorts of personal information while using a chatbot. OpenAI provides some options for what happens to what you say to ChatGPT—including allowing its future AI models not to be trained on the content. “We give users a number of easily accessible ways to control their data, including self-service tools to access, export, and delete personal information through ChatGPT. That includes easily accessible options to opt out from the use of their content to train models,” says Taya Christianson, an OpenAI spokesperson. (The options vary slightly depending on your account type, and data from enterprise customers is not used to train models).

On its help pages, OpenAI says ChatGPT web users without accounts should navigate to **Settings** and then uncheck **Improve the model for everyone**. If you have an account and are logged in through a web browser, select **ChatGPT, Settings, Data Controls,** and then turn off **Chat History & Training**. If you’re using ChatGPT’s mobile apps, go to **Settings**, pick **Data Controls,** and turn off **Chat History & Training**. Changing these settings, OpenAI’s support pages say, won’t sync across different browsers or devices, so you need to make the change everywhere you use ChatGPT.

OpenAI is about a lot more than ChatGPT. For its Dall-E 3 image generator, the startup has a **form that allows you to send images** to be removed from “future training datasets.” It asks for your name, email, whether you own the image rights or are getting in touch on behalf of a company, details of the image, and any uploads of the image(s). OpenAI also says if you have a “high volume” of images hosted online that you want removed from training data, then it may be “more efficient” to add GPTBot to the robots.txt file of the website where the images are hosted.

Traditionally a website’s robots.txt file—a simple text file that usually sits at websitename.com/robots.txt—has been used to tell search engines, and others, whether they can include your pages in their results. It can now also be used to tell AI crawlers not to scrape what you have published—and AI companies have said they’ll honor this arrangement.

Perplexity

Perplexity is a startup that uses AI to help you search the web and find answers to questions. Like all of the other software on this list, you are automatically opted in to having your interactions and data used to train Perplexity’s AI further. Turn this off by clicking on your **account name**, scrolling down to the **Account** section, and turning off the **AI Data Retention** toggle.

Quora

Quora via Matt Burgess

Quora says it “currently” doesn’t use answers to people’s questions, posts, or comments for training AI. It also hasn’t sold any user data for AI training, a spokesperson says. However, it does offer opt-outs in case this changes in the future. To do this, visit its **Settings** page, click to **Privacy,** and turn off the “**Allow large language models to be trained on your content**” option. Despite this choice, there are some Quora posts that may be used for training LLMs. If you reply to a machine-generated answer, the company’s help pages say, then those answers may be used for AI training. It points out that third parties may just scrape its content anyway.

Rev

Rev, a voice transcription service that uses both human freelancers and AI to transcribe audio, says it uses data “perpetually” and “anonymously” to train its AI systems. Even if you delete your account, it will still train its AI on that information.

Kendell Kelton, head of brand and corporate communications at Rev, says it has the “largest and most diverse data set of voices,” made up of more than 6.5 million hours of voice recording. Kelton says Rev does not sell user data to any third parties. The firm’s terms of service say data will be used for training, and that customers are able to opt out. People can opt out of their data being used by **sending an email** to support@rev.com, its help pages say.

Slack

All of those random Slack messages at work might be used by the company to train its models as well. “Slack has used machine learning in its product for many years. This includes platform-level machine-learning models for things like channel and emoji recommendations,” says Jackie Rocca, a vice president of product at Slack who’s focused on AI.

Even though the company does not use customer data to train a large language model for its Slack AI product, Slack may use your interactions to improve the software’s machine-learning capabilities. “To develop AI/ML models, our systems analyze Customer Data (e.g. messages, content, and files) submitted to Slack,” says Slack’s privacy page. Similar to Adobe, there’s not much you can do on an individual level to opt out if you’re using an enterprise account.

The only real way to opt out is to have your administrator email Slack at feedback@slack.com. The message must have the subject line “Slack Global model opt-out request” and include your organization's URL. Slack doesn’t provide a timeline for how long the opt-out process takes, but it should send you a confirmation email after it’s complete.

Squarespace

Website-building tool Squarespace has built in a toggle to stop AI crawlers from scraping websites it hosts. This works by updating your website’s robots.txt file to tell AI companies the content is off limits. To block the AI bots, open **Settings** within your account, find **Crawlers**, and turn off **Artificial Intelligence Crawlers**. It points out this should work for the following crawlers: Anthropic, OpenAI’s GPTBot and ChatGPT-User, Google Extended, and CCBot.

Substack

If you use Substack for blog posts, newsletters, or more, the company also has an easy option to apply the robots.txt opt-out. Within your **Settings** page, scroll to the **Publication** section and turn on the toggle to **Block AI training**. Its help page points out: “This will only apply to AI tools that respect this setting.”

Tumblr

Blogging and publishing platform Tumblr—owned by Automattic, which also owns WordPress—says it is “working with” AI companies that are “interested in the very large and unique set of publicly published content” on the wider company’s platforms. This doesn’t include user emails or private content, an Automattic spokesperson says.

Tumblr has a “prevent third-party sharing” option to stop what you publish being used for AI training, as well as being shared with other third parties such as researchers. If you’re using the Tumblr app, go to account S**ettings**, select your blog, click on the **gear icon**, select **Visibility**, and toggle the “**Prevent third-party sharing**” option. Explicit posts, deleted blogs, and those that are password-protected or private, are not shared with third-party companies in any case, Tumblr’s support pages say.

WordPress

Wordpress via Matt Burgess

Like Tumblr, WordPress has a “prevent third-party sharing” option. To turn this on, visit your website’s dashboard, click on **Settings**, **General**, and then through to **Privacy**, select the **Prevent third-party sharing** box. “We are also trying to work with crawlers (like https://commoncrawl.org/) to prevent content from being scraped and sold without giving our users choice or control over how their content is used,” an Automattic spokesperson says.

Your Website

If you are hosting your own website, you can update your robots.txt file to tell AI bots not to scrape the pages. Most news websites don’t allow their articles to be crawled by AI bots. WIRED’s robots.txt file, for example, doesn’t allow bots from OpenAI, Google, Amazon, Facebook, Anthropic, or Perplexity, among others. This opt-out isn’t just for publishers though: Any website, big or small, can alter its robots file to exclude AI crawlers. All you need to do is add a disallow command; working examples can be found here.

How to Stop Your Data From Being Used to Train AI

The US Congress will this week decide the fate of Section 702, a major surveillance program that will soon expire if lawmakers do not act. WIRED is tracking the major developments as they unfold.

The United States government, like its rivals in Moscow and Beijing, has poured untold millions of dollars into quietly turning the phones and internet browsers of its own citizens into a powerful intelligence-gathering tool. Shadowy deals between federal agencies and commercial data brokers have helped the US intelligence system to amass a “large amount” of what its own experts term “intimate information” on Americans.

Most US citizens are in the dark as to the true scope and scale of the surveillance they’re under.

House speaker Mike Johnson—whose brief tenure as speaker has been roiled by an ongoing debate over domestic intelligence abuses—previously supported several privacy measures that, now in power, he is working to defeat, including strong new limits on the government’s access to private data.

This week, Johnson is working to resolve the lingering issue of reauthorizing Section 702, a key foreign surveillance program authorized by Congress to target terrorists, cybercriminals, and narcotics traffickers overseas. The program is set to officially expire on April 19.

Congressional sources tell WIRED that a vote to salvage the program could come as early as Thursday, following a series of scheduled briefings on Tuesday and Wednesday between lawmakers and intelligence officials, as well as a number of smaller votes that may significantly modify the terms of the program for years to come.

The focus of privacy advocates has turned almost entirely to an amendment that aims to force the FBI and other agencies to apply for a warrant before accessing the communications of Americans _incidentally_ captured by the US under the 702 program.

Thursday’s vote over the 702 program is at least the third scheduled by the speaker since December. As Johnson has in each case waited until the final moment to delay the vote, a fog of uncertainty surrounds the whole of the process. Privately, lawmakers are discussing next steps should the speaker decide to simply let the program expire, avoiding new statutory limits on the government's most-prized surveillance weapon.

To keep pace with a situation that is sure to evolve rapidly over the next 48 hours, WIRED will update this article with the latest details as they become available. See below for the latest developments.

**House Intel Chair Fires Back at Warrant Seekers**

“We are here,” representative Mike Turner told the House Rules Committee, “because the intelligence community failed us. The FBI failed us. The intelligence community failed to properly police themselves, and they abused the tools that we gave them under FISA.”

Turner, the GOP chairman of the House Intelligence Committee, testified that, in his opinion, the underlying text of the bill was adequate to curb future surveillance abuses by the FBI; that the abuses of the past had been the result of mistakes made by “rank-and-file” employees; and that the same mistakes could be reasonably avoided today by merely asking higher ranking officers to sign off before granting access to wiretaps of Americans’ calls and texts.

Throughout his testimony, Turner discussed the 702 program in terms that focused strictly on its use against terrorist organizations, at times implying that only the communications of Americans in direct contact with foreigners who “represent a national security threat to the United States” are swept up by the program.

In fact, no foreigner is required to have ties to terrorism or be suspected of a crime against the US to be considered a legitimate 702 target. Far less discerning, one of the stated purposes of the program is to gather information relevant to the “conduct of foreign affairs”—a phrase that legal experts contend is so vague as to apply to “almost any activity.”

**What Is Section 702?**

In the wake of 9/11, US president George W. Bush authorized the National Security Agency (NSA) to eavesdrop on Americans without court-approved warrants as part of the hunt for evidence of terrorist activity. A federal judge ruled the collection unconstitutional in 2006, as part of a lawsuit brought by the American Civil Liberties Union. (An appeals court later overturned the ruling without challenging the case's merits.)

Rather than end the surveillance, Congress codified the program as Section 702 of the Foreign Intelligence Surveillance Act (FISA), granting itself some authority to enforce procedures ostensibly designed to limit the program's impact on Americans’ civil liberties.

Section 702 explicitly prohibits the government from targeting Americans. The surveillance must instead focus on foreigners who are physically located overseas. Nevertheless, Americans’ communications are routinely swept up by the program.

While denying that it intentionally sets out to eavesdrop on its own citizens, once it has already done so, the US government’s position is that it now has a right to access these “legally collected” communications without a judge’s approval. In 2021 alone, the FBI conducted searches of communications intercepted under 702 more than 3.4 million times.

Last year, after acknowledging that hundreds of thousands of these searches were unlawful, the FBI said it had taken steps to curtail the number of queries carried out by its employees, reporting in 2022 as few as 204,000 searches.

It is impossible to count the number of Americans whose calls, emails, and texts are subject to surveillance under 702, the government claims, arguing that any attempt to reach an accurate figure would only further imperil the privacy of the Americans it surveils.

Congress is currently divided into two factions: Those that believe the FBI should be required to get a warrant before reading or listening to the communications of Americans collected under 702. And those who say warrants are too burdensome a requirement to impose on investigations of national security threats.

**Judiciary Leaders Call Out FBI’s History of Abuse**

Jim Jordan, the Republican chairman of the House Judiciary Committee, and a leading advocate for stronger privacy under 702 among conservatives, drew attention in his testimony Tuesday to the litany of surveillance abuses first reported by _The Washington Post_ one year ago.

Court documents declassified and released by the FISA court last year found that the FBI had misused the 702 program more than 278,000 times, including, as _The Post_ reported, against “crime victims, Jan. 6 riot suspects, people arrested at protests after the policing killing of George Floyd in 2020 and—in one case—19,000 donors to a congressional candidate.”

“The fundamental question, still, is if the FBI wouldn't follow the procedures in place 278,000 times ... are new requirements going to be enough to safeguard American’ liberties?” Jordan says. "When you have the history we have with this organization, relative to not following the rules, we think you need a separate but equal branch of the government to approve a warrant before you can query American citizens' information.”

Jarrold Nadler—Jordan's Democratic counterpart on the Judiciary—concurred, calling even more emphatically on Congress to “rein in abuse of FISA Section 702 authorities by the intelligence community.”

“Yes, there are already laws on the books to protect Americans from unauthorized government surveillance,” says Nadler. “But we know from our oversight efforts and the intelligence community's own reporting that these laws are often disregarded and are at the very least inadequate to keep this powerful surveillance tool in check.”

The House Rules Committee is currently holding a hearing that will determine what the final text of the 702-reauthorization bill will look like and which amendments will be offered up for a vote on the House floor.

Both the House Judiciary and Intelligence committees are expected to offer up several amendments, with the latter aiming to impose new warrant requirements on the FBI prior to querying the 702 database for information on Americans. Watch the hearing below:

Section 702: The Future of the Biggest US Spy Program Hangs in the Balance

AI tools are getting better at cloning people’s voices, and scammers are using these new capabilities to commit fraud. Avoid getting swindled by following these expert tips.

You answer a random call from a family member, and they breathlessly explain how there’s been a horrible car accident. They need you to send money right now, or they’ll go to jail. You can hear the desperation in their voice as they plead for an immediate cash transfer. While it sure sounds like them, and the call came from their number, you feel like something’s off. So, you decide to hang up and call them right back. When your family member picks up your call, they say there hasn’t been a car crash, and that they have no idea what you’re talking about.

Congratulations, you just successfully avoided an artificial intelligence scam call.

As generative AI tools get more capable, it is becoming easier and cheaper for scammers to create fake—but convincing—audio of people’s voices. These AI voice clones are trained on existing audio clips of human speech, and can be adjusted to imitate almost anyone. The latest models can even speak in numerous languages. OpenAI, the maker of ChatGPT, recently announced a new text-to-speech model that could further improve voice cloning and make it more widely accessible.

Of course, bad actors are using these AI cloning tools to trick victims into thinking they are speaking to a loved one over the phone, even though they’re talking to a computer. While the threat of AI-powered scams can be frightening, you can stay safe by keeping these expert tips in mind the next time you receive an urgent, unexpected call.

**Remember That AI Audio Is Hard to Detect**

It’s not just OpenAI; many tech startups are working on replicating near perfect-sounding human speech, and the recent progress is rapid. “If it were a few months ago, we would have given you tips on what to look for, like pregnant pauses or showing some kind of latency,” says Ben Colman, cofounder and CEO of Reality Defender. Like many aspects of generative AI over the past year, AI audio is now a more convincing imitation of the real thing. Any safety strategies that rely on you audibly detecting weird quirks over the phone are outdated.

**Hang Up and Call Back**

Security experts warn that it’s quite easy for scammers to make it appear as if the call were coming from a legitimate phone number. “A lot of times scammers will spoof the number that they're calling you from, make it look like it's calling you from that government agency or the bank,” says Michael Jabbara, global head of fraud services at Visa. “You have to be proactive.” Whether it’s from your bank or from a loved one, any time you receive a call asking for money or personal information, go ahead and ask to call them back. Look up the number online or in your contacts, and initiate a follow-up conversation. You can also try sending them a message through a different, verified line of communication like video chat or email.

**Create a Secret Safe Word**

A popular security tip that multiple sources suggested was to craft a safe word that only you and your loved ones know about, and which you can ask for over the phone. “You can even prenegotiate with your loved ones a word or a phrase that they could use in order to prove who they really are, if in a duress situation,” says Steve Grobman, chief technology officer at McAfee. Although calling back or verifying via another means of communication is best, a safe word can be especially helpful for young ones or elderly relatives who may be difficult to contact otherwise.

**Or Just Ask What They Had for Dinner**

What if you don’t have a safe word decided on and are trying to suss out whether a distressing call is real? Pause for a second and ask a personal question. “It could even be as simple as asking a question that only a loved one would know the answer to,” says Grobman. “It could be, ‘Hey, I want to make sure this is really you. Can you remind me what we had for dinner last night?’” Make sure the question is specific enough that a scammer couldn’t answer correctly with an educated guess.

**Understand Any Voice Can Be Mimicked**

Deepfake audio clones aren’t just reserved for celebrities and politicians, like the calls in New Hampshire that used AI tools to sound like Joe Biden and to discourage people from going to the polls. “One misunderstanding is, ‘It cannot happen to me. No one can clone my voice,’” says Rahul Sood, chief product officer at Pindrop, a security company that discovered the likely origins of the AI Biden audio. “What people don’t realize is that with as little as five to 10 seconds of your voice, on a TikTok you might have created or a YouTube video from your professional life, that content can be easily used to create your clone.” Using AI tools, the outgoing voicemail message on your smartphone might even be enough to replicate your voice.

**Don’t Give in to Emotional Appeals**

Whether it’s a pig butchering scam or an AI phone call, experienced scammers are able to build your trust in them, create a sense of urgency, and find your weak points. “Be wary of any engagement where you’re experiencing a heightened sense of emotion, because the best scammers aren’t necessarily the most adept technical hackers,” says Jabbara. “But they have a really good understanding of human behavior.” If you take a moment to reflect on a situation and refrain from acting on impulse, that could be the moment you avoid getting scammed.

AI Scam Calls: How to Protect Yourself, How to Detect

While some states have made data privacy gains, the US has so far been unable to implement protections at a federal level. A new bipartisan proposal called APRA could break the impasse.

Congress may be closer than ever to passing a comprehensive data privacy framework after key House and Senate committee leaders released a new proposal on Sunday.

The bipartisan proposal, titled the American Privacy Rights Act, or APRA, would limit the types of consumer data companies can collect, retain, and use to what they need to operate their services. Users would also be allowed to opt-out of targeted advertising and have the ability to view, correct, delete, and download their data from online services. The proposal would also create a national registry of data brokers, and force those companies to allow users to opt out of having their data sold.

“This landmark legislation gives Americans the right to control where their information goes and who can sell it,” Cathy McMorris Rodgers, House Energy and Commerce Committee chair, said in a statement on Sunday. “It reins in Big Tech by prohibiting them from tracking, predicting, and manipulating people’s behaviors for profit without their knowledge and consent. Americans overwhelmingly want these rights, and they are looking to us, their elected representatives, to act.”

Congress has tried to put together a comprehensive federal law protecting user data for decades. Lawmakers have remained divided, though, on whether that legislation should prevent states from issuing tougher rules, and whether to allow a “private right of action” that would enable people to sue companies in response to privacy violations.

In an interview with the _Spokesman Review_ on Sunday, McMorris Rodgers claimed that the draft’s language is stronger than any active laws, seemingly as an attempt to assuage the concerns of Democrats who have long fought attempts to preempt preexisting state-level protections. APRA does allow states to pass their own privacy laws related to civil rights and consumer protections, among other exceptions.

In the previous session of Congress, the leaders of the House Energy and Commerce Committees brokered a deal with Roger Wicker, the top Republican on the Senate Commerce Committee, on a bill that would preempt state laws with the exception of the California Consumer Privacy Act and the Biometric Information Privacy Act of Illinois. That measure, titled the American Data Privacy and Protection Act, also created a weaker private right of action than most Democrats were willing to support. Cantwell refused to support the measure, instead circulating her own draft legislation. The ADPPA hasn’t been reintroduced, but APRA was designed as a compromise.

“I think we have threaded a very important needle here,” Cantwell told the _Spokesman Review_. “We are preserving those standards that California and Illinois and Washington have.”

APRA includes language from California’s landmark privacy law allowing people to sue companies when they are harmed by a data breach. It also provides the Federal Trade Commission, state attorneys general, and private citizens the authority to sue companies when they violate the law.

The categories of data that would be impacted by the APRA include certain categories of “information that identifies or is linked or reasonably linkable to an individual or device,” according to a Senate Commerce Committee summary of the legislation. Small businesses—those with $40 million or less in annual revenue and limited data collection—would be exempt under APRA, with enforcement focused on businesses with $250 million or more in yearly revenue. Governments and “entities working on behalf of governments” are excluded under the bill, as are the National Center for Missing and Exploited Children and, apart from certain cybersecurity provisions, “fraud-fighting” nonprofits.

US representative Frank Pallone, the top Democrat on the House Energy and Commerce Committee, called the draft “very strong” in a Sunday statement, but said he wanted to “strengthen” it with tighter child safety provisions.

Still, it remains unclear whether APRA will receive the necessary support for approval. On Sunday, committee aids said that conversations on other lawmakers signing onto the legislation are ongoing. The current proposal is a “discussion draft;” while there’s no official date for introducing a bill, Cantwell and McMorris Rodgers will likely shop around the text to colleagues for feedback over the coming weeks, and plan to send it to committees this month.

A Breakthrough Online Privacy Proposal Hits Congress

Ad trackers are out of control. Use a browser that reins them in.

Google's admission that, yes, it does track you while you're in Chrome's Incognito mode, is just the latest in a long line of unsettling revelations about just how keenly Big Tech keeps an eye on our movements every time we connect to the internet. Billions of data records will now be deleted as part of a settlement to a class action lawsuit brought against Google.

As we've written before, Incognito mode and the equivalent modes offered by other browsers aren't as secure as you might think, particularly if you start signing into accounts like Google or Facebook. Your activities and searches as a logged-in user on large platforms can still be recorded, primarily to create advertising that's more accurately targeted toward your demographic.

Google, for its part, says it’s transparent about what data it’s storing and why—and in recent years it has made it easier for users to see and delete the information held about them. To really lock down your privacy and security, though, it’s best to switch to a browser not made by a company that earns billions of dollars selling ads.

And there are alternatives: Below we recommend several browsers built with user privacy and security as a priority. Even better, in many cases they can import data such as bookmarks and passwords from your current browser—Google Chrome, for example.

**DuckDuckGo (Android, iOS, Windows, macOS)**

The DuckDuckGo browser blocks trackers at their source.

DuckDuckGo via David Nield

You might know DuckDuckGo as the anti-Google search engine, but the parent company has branched out to make its own browsers too. They keep you well protected online and at the same time give you plenty of information about the tracking technologies being proactively blocked.

DuckDuckGo starts by enforcing encrypted HTTPS connections when websites offer them, and gives each page you visit a grade based on how aggressively it's trying to mine your data. It'll even scan and rank site privacy policies for you.

When it comes to browsing data, this can be cleared automatically at the end of each session or after a certain period of time. Pop-ups and ads are snuffed out, and of course the DuckDuckGo search engine is built in, free of the Google trappings.

You also get extras like throwaway email aliases you can use in place of your real email address to protect your privacy, and everything about the browser and its features is simple to use: You don't really need to do anything except install them, so you're getting maximum protection with minimal effort.

**Ghostery (Android, iOS, Windows, macOS)**

Ghostery comes with a range of tools to protect your privacy.

Ghostery via David Nield

Install Ghostery on your mobile device or your computer, and straight away it gets to work blocking adverts and tracking cookies that will attempt to keep tabs on what you're up to on the web. There are no complicated setup screens or configurations to manage.

Like DuckDuckGo, Ghostery tells you exactly which trackers and ads it's blocking and how many monitoring tools each website has installed. If you do come across certain sites that are well behaved, you can mark them as trusted with a tap.

Or, if you find a site that's packed full of tracking systems, you can block every single bit of cookie technology on it (for commenting systems, media players, and so on), even if the site ends up breaking. A simple, private search engine is built in to replace Google too.

Ghostery's tools are a little more in-depth and advanced than the ones offered by DuckDuckGo, so you might consider it if you want to take extra control over which trackers are blocked on which sites—but it's simple enough for anyone to use.

**Tor Browser (Android, Windows, macOS)**

Tor connects you to the Tor network, to keep your online activities more private.

Tor via David Nield

Tor Browser markets itself as a browsing option "without tracking, surveillance, or censorship." It is worth a look if you want the ultimate in anonymized, tracker-free browsing—unless you're on iOS, where it isn't available (Tor recommends the Onion Browser instead).

The browser is part of a bigger project to keep internet browsing anonymous: Use Tor and you use the Tor Project network, a complex, encrypted relay system managed by the Tor community, making it much harder for anyone else to follow your activities online.

As well as this additional layer of anonymity, Tor Browser is super-strict on the background scripts and tracking tech that sites can run. It also blocks fingerprinting, a method where advertisers attempt to recognize the unique characteristics of your device.

At the end of each browsing session, everything gets wiped, including cookies left behind by sites and the browsing history inside the Tor Browser app itself. In other words, private browsing that leaves no trace is the default—and indeed the only option.

**Brave (Android, iOS, Windows, macOS)**

Brave gives you a clean, speedy browsing experience.

Brave via David Nield

Brave comes with all the tracking protection features you would expect: Ads are completely blocked, there are tight restrictions on the data that sites can gather through cookies and tracking scripts, and you're always kept informed about what's happening.

The browser comes with an optional built-in VPN, though it costs extra ($10 a month). You can also, if you want, use Brave to access the Tor network we mentioned with the Tor browser and take advantage of its anonymizing relay service that hides your location and browsing data.

There's no doubt about the effectiveness of Brave's tracker-blocking technologies, and getting around the web in Brave is quick and snappy. It's a comprehensive package and one that strikes a well-judged balance between simplicity and power for the majority of users.

Brave has regularly pioneered features related to innovative web technologies, including cryptocurrencies, NFTs, and (most recently) artificial intelligence; there's actually a new AI assistant built into it. In other words, it's not exclusively focused on security and privacy.

**Firefox (Android, iOS, Windows, macOS)**

Firefox is part of a suite of privacy products from Mozilla.

Firefox via David Nield

Firefox has long been at the forefront of online privacy—blocking tracking cookies across sites by default, for example—and it continues to be one of the best options for making sure you're giving away as little data as possible as you make your way across the web.

Firefox also gives you a ton of information on each website you visit regarding the trackers and cookies that pages have attempted to leave, and which ones Firefox has blocked. Permissions for access to your location and microphone can be easily managed as well.

Aside from looking after the interests of its users, Firefox also scores highly for user customization. You can change the look and behavior of the browser in a variety of ways, and there are useful integrations like the built-in Pocket utility that saves web stories on your device so you can read them later.

Firefox developer Mozilla offers plenty of extras, including a free data-breach monitor that tells you when your usernames and passwords may have been exposed somewhere online, a free email alias system to keep your actual email address protected, and a VPN that costs $10 per month. It all adds up to a comprehensive package for keeping you safe online.

**Safari (iOS, macOS)**

Safari has been blocking tracking cookies for some time.

Safari via David Nield

Apple continues to add privacy tech to Safari with each release on iOS and macOS—like requiring user authentication (such as a Face ID scan) when returning to a browsing session—though it's obviously not a browsing option if you're on Android or Windows.

Safari has long been blocking third-party tracking cookies that try to connect the dots on your web activity across multiple sites. It also blocks device fingerprinting techniques that try to identify your devices, and it reports back on the trackers it has disabled.

The browser can now also warn you when you try to use a password that's too weak on a new website or service, and it will make a suggestion of a stronger password if needed. Recent browser updates added support for logging in with passkeys too.

Safari operates against the backdrop of Apple's commitment to collect as little information about you as possible and to keep most of that information locked away locally on your device rather than on Apple's servers.

_Update: April 6, 2024, 8:30 am: This guide was updated to include new guidance for DuckDuckGo and Ghostery, as well as to bring some descriptions of browser providers' data collection policies up to date._

Best Privacy Browsers (2024): Brave, Safari, Ghostery, Firefox, DuckDuckGo

Plus: Microsoft scolded for a “cascade” of security failures, AI-generated lawyers send fake legal threats, a data broker quietly lobbies against US privacy legislation, and more.

It’s been a week since the world avoided a potentially catastrophic cyberattack. On March 29, Microsoft developer Andres Freund disclosed his discovery of a backdoor in XZ Utils, a compression tool widely used in Linux distributions and thus countless computer systems worldwide. The backdoor was inserted into the open source tool by someone operating under the persona “Jia Tan” after years of patient work building a reputation as a trustworthy volunteer developer. Security experts believe Jia Tan is the work of a nation-state actor, with clues largely pointing to Russia, although definitive attribution for the attack is still outstanding.

In early 2022, a hacker operating under the name “P4x” took down the internet of North Korea, after the country’s hackers had targeted him. This week, WIRED revealed P4x’s true identity as Alejandro Caceres, a 38-year-old Colombian American. Following his successful attack on North Korea, Caceres pitched the US military on a “special forces”-style offensive hacking team that would carry out operations similar to the one that made P4x famous. The Pentagon eventually declined, but Caceres has launched a startup, Hyperion Gray, and plans to further pursue his controversial approach to cyberwarfare.

In mid-February, millions of people lost internet access after three undersea cables in the Arabian Sea were damaged. Some blamed Houthi rebels in Yemen, who had been attacking ships in the region, but the group denied it had sabotaged the cables. But the rebel attacks are still likely to blame—albeit, in a bizarre way. A WIRED analysis of satellite images, maritime data, and more found that the cables were likely damaged by the trailing anchor of a cargo ship that the Houthi rebels had bombed. The ship drifted for two weeks before finally sinking, crossing paths with the cables at the time they were damaged.

The myth that Google Chrome’s Incognito mode provides adequate privacy protections can finally be put to rest. As part of a settlement over Google’s Incognito privacy claims and practices, the company has agreed to delete “billions” of records collected while users browsed in Incognito mode. It will also further clarify how much user data can be collected by Google and third parties while Incognito is enabled, and take further steps to protect user privacy. There are other privacy-focused browsers that can replace Chrome. But if you’re still using it, make sure to update it to patch some serious security flaws.

But that’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

A 58-year-old hospital systems administrator pleaded guilty this week to US federal charges after he was caught using another man’s name for more than 30 years. Matthew David Keirans allegedly stole the identity of William Woods in 1988, when the two men worked at a hot dog cart in Albuquerque, New Mexico, according to the US Attorney's Office for the Northern District of Iowa. Over the decades, Keirans obtained employment, bank accounts, loans, and insurance, and paid taxes, under the Woods name. Keirans even had a child whose last name is Woods.

The real William Woods, meanwhile, reportedly learned that someone else was using his identity in 2019. At the time, Woods was unhoused and living in Los Angeles. He contacted a bank where “William Woods” had an account, providing his real Social Security card and California ID card to prove his identity. However, he could not answer the security questions to gain access. The bank called Keirans—who was pretending to be Woods—and Keirans convinced the bank employee that the real Woods should not have access to the accounts. The Los Angeles Police Department then arrested the real Woods and charged him with identity theft after Keirans provided officers with false documents and information.

In a nightmarish twist, during judicial proceedings, the real Woods accurately maintained that “William Donald Woods” was his true identity, prompting the court to order him to a mental institution. The real Woods ultimately spent 428 days in jail and 147 days in a mental hospital before his release.

The real Woods then continued to work to regain his true identity, eventually contacting authorities after learning that Keirans worked at a hospital in Iowa City. Investigators later confirmed the real Woods’ identity after obtaining a DNA test. Confronted with the evidence, Keirans confessed to a series of crimes and now faces a maximum sentence of 32 years in prison, a $1.25 million fine, and five years of supervised release.

**US Review Board Slams Microsoft for ‘Cascade of Avoidable Security Failures’**

The White-House mandated Cyber Safety Review Board issued a scathing report against Microsoft this week, accusing the tech giant of failing to stop a “preventable” intrusion by China-backed hackers of hundreds of Microsoft Exchange Online email accounts. To gain access to email accounts belonging to 22 organizations and 500 individuals worldwide, the hackers, known as Storm-0558, stole a Microsoft cryptographic key. The CSRB report chastises the company for failing to detect “the compromise of its cryptographic crown jewels,” inadequate security practices, and a “corporate culture that deprioritized both enterprise security investments and rigorous risk management,” among a “cascade” of other defeats.

The report also found that Microsoft still does not know how Storm-0558 obtained its key, accusing the company of making false statements after it initially claimed that the key was accidentally included in an April 2021 “crash dump.” The company has since updated its explanation of the intrusion to say that it still does not know how the hackers obtained the key. The CSRB issued 25 recommended steps that Microsoft—a major government contractor whose systems protect highly sensitive information—should take to better protect its systems.

**AI-Generated Lawyers Caught Spewing Fake Legal Threats**

The owner of the website Tedium received legal threats from a nonexistent “law firm” charging the publication with a copyright violation. The thing is, the “lawyers” behind the complaint were AI-generated. The “law firm” accused Tedium of using a photograph without the owner’s consent, and a "copyright infringement" notice offered to supposedly settle the matter, if only Tedium would agree to properly credit the photo’s “owner” and link out to their website. This was, of course, a backlink scam designed to boost the SEO ranking of the fake copyright holder’s page. Only this time, the scam was bolstered by a cast of AI-generated characters: a hot-shot team of young, "skilled lawyers" purportedly specializing in creative rights and commercial law.

**Data Behemoth Enlists Lobbyists Against Effort in US to Limit Deals With Spies**

An internal feud is underway in the US Congress over the fate of a beleaguered spy program called Section 702 and the commercial deals that US intelligence agencies have struck in recent years with global data brokers, purchasing information that government agents typically need a warrant to obtain. Consequently, the UK owner of LexisNexis—an “amalgam of publishers and data brokers, stitched together into a single information giant”—has retained the services of a Washington, DC, lobbying firm to engage with federal lawmakers over “potential privacy, data security, breach notification, data broker, and FISA reform legislation.” Politico reports that the company, RELX, previously used the firm, Venable, to combat privacy legislation aimed at restricting the kinds of personal data companies are allowed to sell to law enforcement.

**‘Weapon Scanners’ Eyed by New York’s Surveillant Mayor Boasts Abysmal Track Record**

New York City mayor Eric Adams is hastening his crusade against subway violence with a plan to test weapons scanners that claim to use artificial intelligence to detect whether commuters are carrying blades and firearms. Documents obtained by Hell Gate reveal what Adams failed to disclose at a press conference last week: that data already in the city’s hands show the technology is only rarely useful. After police officers permitted to carry firearms were factored out of one study at a Bronx hospital, the scanners were found to be accurate less than 1 percent of the time. (All told, more than 85 percent of the time, the scanners cast false suspicion on New Yorkers who were found to be unarmed.) The move by Adams follows New York governor Kathy Hochul’s deployment of hundreds of National Guard soldiers in the city’s subway systems. Adams first addressed a spate of homicides and stabbings across the city in March by sending hundreds of police officers underground to search commuters' bags at well over 100 subway stations—a tactic that roused resistance from a few locals this week who smashed ticket machines and disabled security cameras at a midtown station to protest the surveillance surge.

Identity Thief Lived as a Different Man for 33 Years

As “P4x,” Alejandro Caceres single-handedly disrupted the internet of an entire country. Then he tried to show the US military how it can—and should—adopt his methods.

A Vigilante Hacker Took Down North Korea’s Internet. Now He’s Taking Off His Mask

The thwarted XZ Utils supply chain attack was years in the making. Now, clues suggest nation-state hackers were behind the persona that inserted the malicious code.

Ultimately, Scott argues that those three years of code changes and polite emails were likely not spent sabotaging multiple software projects, but rather building up a history of credibility in preparation for the sabotage of XZ Utils specifically—and potentially other projects in the future. “He just never got to that step because we got lucky and found his stuff,” says Scott. “So that’s burned now, and he’s gonna have to go back to square one.”

**Technical Ticks and Time Zones**

Despite Jia Tan’s persona as a single individual, their yearslong preparation is a hallmark of a well-organized state-sponsored hacker group, argues Raiu, the former Kaspersky lead researcher. So too are the technical hallmarks of the XZ Utils malicious code that Jia Tan added. Raiu notes that, at a glance, the code truly looks like a compression tool. “It’s written in a very subversive manner,” he says. It’s also a “passive” backdoor, Raiu says, so it wouldn’t reach out to a command-and-control server that might help identify the backdoor’s operator. Instead, it waits for the operator to connect to the target machine via SSH and authenticate with a private key—one generated with a particularly strong cryptographic function known as ED448.

The backdoor’s careful design could be the work of US hackers, Raiu notes, but he suggests that’s unlikely, since the US wouldn’t typically sabotage open source projects—and if it did, the National Security Agency would probably use a quantum-resistant cryptographic function, which ED448 is not. That leaves non-US groups with a history of supply chain attacks, Raiu suggests, like China’s APT41, North Korea’s Lazarus Group, and Russia’s APT29.

At a glance, Jia Tan certainly looks East Asian—or is meant to. The time zone of Jia Tan’s commits are UTC+8: That’s China’s time zone, and only an hour off from North Korea’s. However, an analysis by two researchers, Rhea Karty and Simon Henniger, suggests that Jia Tan may have simply changed the time zone of their computer to UTC+8 before every commit. In fact, several commits were made with a computer set to an Eastern European or Middle Eastern time zone instead, perhaps when Jia Tan forgot to make the change.

“Another indication that they are not from China is the fact that they worked on notable Chinese holidays,” say Karty and Henniger, students at Dartmouth College and the Technical University of Munich, respectively. They note that Jia Tan also didn't submit new code on Christmas or New Year's. Boehs, the developer, adds that much of the work starts at 9 am and ends at 5 pm for Eastern European or Middle Eastern time zones. “The time range of commits suggests this was not some project that they did outside of work,” Boehs says.

Though that leaves countries like Iran and Israel as possibilities, the majority of clues lead back to Russia, and specifically Russia’s APT29 hacking group, argues Dave Aitel, a former NSA hacker and founder of the cybersecurity firm Immunity. Aitel points out that APT29—widely believed to work for Russia’s foreign intelligence agency, known as the SVR—has a reputation for technical care of a kind that few other hacker groups show. APT29 also carried out the Solar Winds compromise, perhaps the most deftly coordinated and effective software supply chain attack in history. That operation matches the style of the XZ Utils backdoor far more than the cruder supply chain attacks of APT41 or Lazarus, by comparison.

“It could very well be someone else,” says Aitel. “But I mean, if you’re looking for the most sophisticated supply chain attacks on the planet, that’s going to be our dear friends at the SVR.”

Security researchers agree, at least, that it’s unlikely that Jia Tan is a real person, or even one person working alone. Instead, it seems clear that the persona was the online embodiment of a new tactic from a new, well-organized organization—a tactic that nearly worked. That means we should expect to see Jia Tan return by other names: seemingly polite and enthusiastic contributors to open source projects, hiding a government’s secret intentions in their code commits.

_Updated 4/3/2024 at 12:30 pm ET to note the possibility of Israeli or Iranian involvement._

Source

Wired