
Privacy Roundup: Week 10 of Year 2025
This is a news item roundup of privacy or privacy-related news items for 2 MAR 2025 - 8 MAR 2025. Information and summaries provided here are as-is for warranty purposes.
Note: You may see some traditional "security" content mixed in here due to the close relationship between online privacy and cybersecurity - many things may overlap; for example, major vulnerabilities in popular software, which may compromise the security of users' devices (and therefore pose a threat to their privacy), and large data breaches where significant personal information is exposed.
Items presented here are typically curated with the end user and small groups (such as families and small/micro businesses) in mind. Due to this focus, items primarily affecting enterprises or large organizations may not be included, even if they are widespread or "popular" stories.
Privacy Tip of the Week
Most times, sending sensitive information over email is not advised. If possible, consider sending the information over a messenger instead; ideally, you'll want to use an end-to-end encrypted secure messenger for this.
Surveillance Tech in the News
This section covers surveillance technology and methods in the news. Specifically, stories and news items where public and/or private organizations have leveraged their capabilities to encroach on user privacy; for example, data brokers using underhanded means to harvest user location data without user knowledge or public organizations using technology without regard for user privacy.
How Google tracks Android device users before they've even opened an app
The Register
An academic researcher shows how Google tracks Android users before they open or interact with apps. Various mechanisms, such as a DSID cookie and the use of a Google Android ID, enable Google to do this. In the case of the DSID cookie, which is created and stored after the user logs into their Google account on the Android device, there is no opt-out and user consent is dubious at best.
TikTok investigated over use of children's data
BBC News
Not US-based, but worth being aware of.
A UK-based data watchdog will investigate whether TikTok's data collection practices could lead to children experiencing harm. The investigation focuses on TikTok's algorithm, which is fed by personal data collected from users' activity on the platform.
This investigation will also look into age verification processes of Reddit and Imgur for UK law compliance.
Apple reportedly challenges the UK’s secretive encryption crackdown
The Verge
This is a continuation of the Apple vs. UK saga, which saw Apple withdraw Advanced Data Protection (ADP) availability from users in the UK. Apple has reportedly filed an appeal against the UK's "backdoor" order, which would have seen the compromise of iCloud accounts - whether they were using ADP or not - for Apple users.
Uncle Sam mulls policing social media of all would-be citizens
The Register
USCIS is considering monitoring people in America currently going through an immigration or citizenship process - this is in addition to monitoring social media posts of non-citizens entering the country.
Privacy Tools and Services
Primarily covers tools and services with a focus on maintaining/improving/respecting user privacy. Generally includes recommended services/tools found on avoidthehack, but also may feature upcoming/other privacy services not necessarily recommended or promoted by avoidthehack.com
Privacy Tools
Firefox Release Notes
With Firefox Release 136.0, Mozilla has introduced:
- Vertical tabs
- Separation of clearing browsing data and cookies from saved form information
- Upgrading page loads to HTTPS by default, fallback to HTTP if a secure connection cannot be established
- Smartblock Embeds, which allow users to unblock social media embeds that may be blocked in Enhanced Tracking Protection and Private Browsing modes.
KeePassXC
Version 2.7.10 of KeePassXC introduces features such as a Proton Pass importer and user requested feature of adjusting the application font size.
Meet Rayhunter: A New Open Source Tool from EFF to Detect Cellular Spying
EFF
The EFF introduces Rayhunter, an open source project developed to run on an Orbic mobile hotspot. Rayhunter intercepts, stores, and analyzes control traffic between the mobile hotspot Rayhunter runs on and the connected cell tower.
Rayhunter's goal is to fill the large gaps in understanding CSS (cell-site simulators, also known as Stingrays or IMSI catchers) and their prevalence. For reference, Stingrays are devices that mimic legitimate cellphone towers - ultimately, they trick cellphones into connecting to the Stingray device rather than the legitimate tower.
Thunderbird for Android January/February 2025 Progress Report
Thunderbird Blog
In its January/February 2025 progress report, Thunderbird announces its plans to roll out account drawer improvements on Android, improve notifications and error states, and lay out plans for a Thunderbird iOS app.
Kagi begins development of Orion Browser for Linux
AlternativeTo
Kagi begins development of the Orion browser for Linux (it is currently available only for macOS).
Tails
Tails version 6.13 introduces Wi-Fi bug fixes and addresses problems Tails may have with partitioning for persistent storage.
Privacy Services
DAITA bug in iOS app versions 2025.1 and 2025.2
Mullvad
Mullvad has disclosed a bug in their iOS app related to DAITA and multihop in certain app versions. The bug is that the app falsely reports that DAITA is in use when it isn't. Mullvad is working on a fix as of writing.
Spread Privacy (DuckDuckGo Blog)
DuckDuckGo makes improvements to its Duck.ai. According to DuckDuckGo, when AI answers are generated, the service "anonymously" calls AI models to summarize web sources.
1Password is making it easier to find passwords based on your location
The Verge
1Password adds the ability to include location for saved passwords and other items.
Vulnerabilities and Malware
Primarily includes severe and exploited vulnerabilities in devices or software used by end users (ex: a major router firmware flaw). Malware campaigns covered generally target/affect the end user.
This section will not contain every vulnerability/CVE or malware campaign reported, but will focus on those with the largest potential impact on a wide range of end users.
Vulnerabilities
CISA tags Windows, Cisco vulnerabilities as actively exploited
Bleeping Computer
While most users and small businesses probably aren't running Cisco equipment... the important CVE here affects Windows.
CVE-2018-8639. A Win32k privilege escalation flaw. Local attackers who are logged into the target system can exploit this flaw to run arbitrary code in kernel mode; this could allow them to create rogue accounts with full user rights. This vulnerability is known to be exploited in the wild (hence the addition to CISA's KEV).
Android security update contains 2 actively exploited vulnerabilities
Cyberscoop
Google's Android March security update fixes 43 vulnerabilities affecting Android, including 2 vulnerabilities confirmed to be exploited in the wild. According to Google, these vulnerabilities are under "limited, targeted exploitation."
CVE-2024-43093. This was added to CISA's Known Exploited Vulnerabilities catalog (KEV) in NOV 2024. It is a privilege escalation vulnerability in the Android Framework that, when exploited, could allow attackers to escalate privileges locally.
CVE-2024-50302. A use of an uninitialized resource in the Linux kernel driver for Human Interface Devices (HID). A specially crafted report could leak kernel memory. This CVE is connected to the exploit Serbian authorities used to break into a protester's Android device.
Note: Pixel devices receive these updates first. Other Android manufacturers roll out these updates at a slower pace. Whether these updates are available depends on your device manufacturer.
Malware
Nearly 1 million Windows devices targeted in advanced “malvertising” spree
ArsTechnica
Covers research performed by Microsoft. In this campaign, threat actors leveraged malvertising to target nearly 1 million Windows devices. The links in the malicious ads pointed to intermediary sites (cloaking, avoiding detection), which ultimately pointed to malicious repositories hosted on GitHub.
The malware loaded on infected hosts in four stages. The malware stole login credentials, drained cryptocurrency wallets, and exfiltrated sensitive data from the infected system.
YouTubers extorted via copyright strikes to spread malware
Bleeping Computer
Threat actors are sending fake copyright claims to YouTube content creators. The threat actors threaten that non-compliance will result in YouTube strikes (which could lead to a channel ban on YouTube).
The goal is to get YouTube content creators to add links to their videos and channels that point to a GitHub repo hosting trojanized versions of Windows Packet Divert tools, which drop a cryptominer onto the system instead.
Malicious Chrome extensions can spoof password managers in new attack
Bleeping Computer
A "polymorphic" attack allows malicious Chrome extensions to mimic other browser extensions in order to steal sensitive information. The attack proceeds as follows:
- Submit a malicious extension to the Chrome Web Store
- Get the list of currently installed extensions via the chrome.management API, which the extension requests access to during installation
- The list of installed extensions is sent back to the C2 server
- Is there a match? If so, the attackers push the malicious extension to "morph" into the targeted one
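Two of the steps above leave traces a defender can look for in a browser profile: the extension must ask for the `management` permission to enumerate its neighbours, and after the "morph" its display name collides with another installed extension's name while its extension ID (which is derived from the publisher key and does not change across updates) stays the same. The following audit script is an added example written for this roundup; it is not code from the article or from the Bleeping Computer report. It assumes Chrome's `Extensions/<id>/<version>/manifest.json` profile layout for the optional disk loader, and all extension IDs, names and manifests in it are constructed sample data.

```python
"""Audit Chrome extension manifests for the two observable traits of the
polymorphic-extension technique: a request for the `management` permission,
and a display name that changed to match a different installed extension.

Added example; the IDs, names and manifests below are constructed.
"""
import json
import os
from typing import Dict, List

Manifest = Dict[str, object]
Snapshot = Dict[str, Manifest]  # extension id -> manifest.json contents

# Constructed baseline snapshot, taken before any "morph".
BASELINE: Snapshot = {
    "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {  # hypothetical password manager
        "name": "Example Vault",
        "permissions": ["storage"],
    },
    "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {  # hypothetical utility extension
        "name": "Color Picker Pro",
        "permissions": ["management", "storage"],
    },
}

# Constructed snapshot after an update: the utility now calls itself
# "Example Vault" but keeps its own extension ID.
CURRENT: Snapshot = {
    "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {
        "name": "Example Vault",
        "permissions": ["storage"],
    },
    "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {
        "name": "Example Vault",
        "permissions": ["management", "storage"],
    },
}


def load_snapshot(extensions_dir: str) -> Snapshot:
    """Read manifests from a profile's Extensions/<id>/<version>/manifest.json
    layout (assumed). Returns {} if the directory is missing, so the sample
    data above can be used offline instead."""
    snapshot: Snapshot = {}
    if not os.path.isdir(extensions_dir):
        return snapshot
    for ext_id in os.listdir(extensions_dir):
        ext_path = os.path.join(extensions_dir, ext_id)
        if not os.path.isdir(ext_path):
            continue
        for version in sorted(os.listdir(ext_path)):  # highest version wins
            manifest_path = os.path.join(ext_path, version, "manifest.json")
            if os.path.isfile(manifest_path):
                with open(manifest_path, encoding="utf-8") as fh:
                    snapshot[ext_id] = json.load(fh)
    return snapshot


def requests_management(manifest: Manifest) -> bool:
    """True if `management` is requested up front or as an optional permission."""
    perms = set(manifest.get("permissions", []))
    perms |= set(manifest.get("optional_permissions", []))
    return "management" in perms


def find_management_requesters(snapshot: Snapshot) -> List[str]:
    """IDs of extensions able to enumerate the other installed extensions."""
    return sorted(ext_id for ext_id, m in snapshot.items() if requests_management(m))


def find_name_collisions(baseline: Snapshot, current: Snapshot) -> List[Dict[str, str]]:
    """Extensions whose name changed since the baseline and now equals the name
    of a *different* installed extension. Names may be i18n placeholders such
    as `__MSG_appName__`; they are compared as raw strings here."""
    findings: List[Dict[str, str]] = []
    for ext_id, manifest in current.items():
        new_name = str(manifest.get("name", ""))
        old_name = str(baseline.get(ext_id, {}).get("name", ""))
        if ext_id not in baseline or new_name == old_name:
            continue  # new install or unchanged name: nothing to compare
        for other_id, other in current.items():
            if other_id != ext_id and str(other.get("name", "")) == new_name:
                findings.append({"id": ext_id, "old_name": old_name,
                                 "new_name": new_name, "impersonates": other_id})
    return findings


def audit(baseline: Snapshot, current: Snapshot) -> Dict[str, object]:
    """Combine both checks into one report."""
    return {"management_requesters": find_management_requesters(current),
            "name_collisions": find_name_collisions(baseline, current)}


if __name__ == "__main__":
    print(json.dumps(audit(BASELINE, CURRENT), indent=2))
```

On a real machine, call load_snapshot() against the profile's Extensions directory at two points in time and pass the two results to audit(); a `management` request alone is a legitimate permission for some extensions, so the name collision is the stronger of the two signals.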
Phishing and Scams
Covers popular phishing schemes affecting end users - smishing, vishing, and any new scam/phish tactics for deceiving end users. May overlap some with malware, but focuses more on the phishing tactics than details on a malware delivery/campaign information.
Phishing
Deepfake Videos of YouTube CEO Phish Creators
darkreading
Threat actors/scammers are sharing false, deepfake videos of YouTube CEO Neal Mohan. The campaign primarily targets YouTube content creators, likely in an attempt to entice them to visit malicious websites or download malware in order to compromise their accounts and device(s).
Phishing Campaign Uses Havoc Framework to Control Infected Systems
Infosecurity Magazine
Threat actors are using modified versions of Havoc Demon Agent (alongside Microsoft Graph API) to control infected systems using SharePoint. Microsoft services are often trusted, which complicates detection.
Simple Phish Bait: EFF Is Not Investigating Your Albion Online Forum Account
EFF
A phishing campaign imitating the EFF has been observed targeting users of the Albion Online forum. The goal appears to get users to download a malicious PDF file.
PayPal scam abuses Docusign API to spread phishy emails
MalwareBytes
PayPal scammers are abusing the Docusign API to send emails that come from genuine accounts, using templates provided by Docusign to send out invoices that appear to be from PayPal.
Service Providers' Privacy Practices
This section is dedicated to notable changes or developments in popular/large service provider's privacy practices.
Service providers listed here are not necessarily "privacy-focused," but may have privacy practice changes that positively (ex: adopting end-to-end encryption for messaging) or negatively (ex: increased sharing of data with affiliates) affect a large number of users.
New AI-Powered Scam Detection Features to Help Protect You on Android
Google Security Blog
Google has started using AI to detect likely scams in calls and text messages. Google claims the processing of call and message data is entirely on-device. I included it here mostly because of the privacy concerns that surround incorporating AI.
Google Gemini wants to read your search history
Digital Trends
With the introduction of its new Gemini Personalization model, Gemini wants access to your Google Search history. While Google already has access to your Google Search history (naturally), this appears to let Gemini's model use it so the chatbot can provide more "relevant responses."
Reddit will start warning users that upvote violent content
MalwareBytes
It should be no surprise that on a platform like Reddit, your upvotes are watched. Specifically in this case, a Reddit administrator has announced that Reddit will begin sending warnings to users upvoting "violent content." As of writing, the new enforcement action will be limited to users "regularly" upvoting violent content.
Data Breaches and Leaks
Generally covers large data breaches (or data leaks) exposing sensitive information of users - typically the focus is on US companies and on data breaches affecting primarily US citizens, though some exceptions are made depending on potential impact and scale.
Will not cover every data breach, naturally, due to frequency and scale.
Data breaches
Many Schools Report Data Breach After Retirement Services Firm Hit by Ransomware
SecurityWeek
The source of the problem is a breach (ransomware attack) suffered by Carruth Compliance Consulting, which provides administrative services to public school districts and non-profit orgs for retirement savings plans. The breach originally occurred in DEC 2024.
Carruth was unable to identify affected individuals, but the number of impacted organizations spans dozens of school districts and colleges across multiple states.
According to Carruth, compromised information includes:
- Names
- Social security numbers
- Financial account information
- Driver's license numbers
- Medical billing information
- W-2 information
- Tax filings