The 200+ Sites an ICE Surveillance Contractor is Monitoring | ShadowDragon sources data from all over the web and lets government analysts easily search it and draw connections between people
www.404media.co/the-200-sites-an-ice-surveillan…
A contractor for Immigration and Customs Enforcement (ICE) and many other U.S. government agencies has developed a tool that lets analysts more easily pull a target individual’s publicly available data from a wide array of sites, social networks, apps, and services across the web at once, including Bluesky, OnlyFans, and various Meta platforms, according to a leaked list of the sites obtained by 404 Media. In all, the list names more than 200 sites that the contractor, called ShadowDragon, pulls data from and makes available to its government clients, allowing them to map out a person’s activity, movements, and relationships.
ShadowDragon says in marketing material its tools can be used to monitor protests, and claims it found protests around Union Station in Washington DC during a 2023 visit by Benjamin Netanyahu. Daniel Clemens, ShadowDragon’s CEO, previously said on a podcast that protesters should not “be surprised when people are going to investigate you because you made their life difficult.”
“The long list of sites and services that ShadowDragon’s SocialNet tool accesses is a reminder of just how much data is accessible and collected from and about us to provide surveillance services to the government and others,” Jeramie Scott, senior counsel and director of the Electronic Privacy Information Center’s (EPIC) Project on Surveillance Oversight, told 404 Media in an email. “SocialNet is just one example of the unchecked surveillance ecosystem that lacks any meaningful transparency, oversight, or accountability that allows the government to circumvent Constitutional and statutory protections to access sensitive personal data,” he added.
The leaked list of targeted sites and services includes ones from major tech companies such as Apple, Amazon, Meta, Microsoft, and TikTok. It also includes communication tools like Discord and WhatsApp; activity- or hobby-focused sites like AllTrails, BookCrossing, Chess.com, and cigar review site Cigar Dojo; payment services like Cash App, BuyMeACoffee, and PayPal; sex worker sites OnlyFans and JustForFans; and social networks Bluesky and Telegram. Even relatively obscure social networks are included in the list, such as BeReal.
In case it's paywalled for everyone, here's a spreadsheet with the list of sites, credit to SnotFlickerman
Paywall bypass: http://archive.today/2025.03.12-170136/https://www.404media.co/the-200-sites-an-ice-surveillance-contractor-is-monitoring/
The list: https://archive.ph/o/Lldzh/https://docs.google.com/spreadsheets/d/1VyAaJaWCutyJyMiTXuDH4D_HHefoYxnbGL9l02kyCus/edit?usp=sharing&ref=404media.co
It doesn’t appear to have any fediverse instances, unless you want to count Threads. It does have ProtonMail & Signal; I wonder what that actually means.
Thanks for the list. Unfortunately, they list "Fediverse" which likely means they're scraping ActivityPub. They're also going after your Steam account, Twitch, YouTube, and porn.
In other words, this is so much worse than the headline makes it out to be.
Surprisingly, Reddit is NOT on the list.
EDIT: I was wrong - thanks to Da Cap’n for the correction.
Here's the full list of names:
4chan Archives
Discord Archives
21Buttons
500px
about.me
AllMyLinks
AllTrails
Amazon
Ameba
Amino
AnimePlanet
Apple Music
Artists&Clients
Asciinema
AudioJungle
AudiUSA
BabyCenter
Baidu
BeReal
Bigo Live
Bing
Biolink
BitChute
BlackPlanet
Blogger
Bluesky
Bodybuilding
BookCrossing
Breaches
BuyMeACoffee
Cash App
CastingCall Club
Chaturbate
Chess.com
Cigar Dojo
CityXGuide
CloutHub
Cocolog
Companies House
Cozy.tv
Cracked
Creema
Dailymotion
Danbooru
Dark Web
DeepL
DeviantArt
Disqus
DLive
Dot.cards
Douyin
Drum
DuckDuckGo
Duolingo
E621
eBay
Eporner
Etsy
Fansly
FastPeopleSearch
Fediverse (likely ActivityPub - possibly DMs between servers)
FetLife
Fiverr
Flickr
FlightAware
Foursquare
FriendFinder
FurAffinity
Gab
Gaia Online
GameFAQs
Gelbooru
GeneralMotors
Geocaching
GeoEstimation
Gettr
Giphy
GitHub
Glassdoor
GoFundMe
Goo
Goodreads
Gravatar
Guancha
GunBroker
Habbo
Hackaday
Hatena
Honda
Hubski
ILoveGrowingMarijuana
ImageShack
Imgur
IMVU
Indeed
Instructables
JudyRecords
Jugem
JustForFans
Keybase
Kick
Kik
Last.fm
LibraryThing
Lichess
Likee
Line
Linktree
LiveIn
LiveJournal
Lobsters
Mail.ru
Malgari
MapMyTracks
Marshmallow
MarTech
Massage Anywhere
Medium
MeetMe
Mercari Jp
MeWe
Minds
Minecraft
Mix
Mixlr
ModDB
Mughosts
MyFitnessPal
Myspace
MySubaru
Naijapals
Nextdoor
NissanUSA
Odysee
OFAC Sanctions List
OkCupid
OK.ru
OnlyFans
Pandia
Pandora
Passes
Pastebin
Patreon
PayPal
PCGamer
Peloton
PGP
Plurk
Poal
Popl
Pornhub
Poshmark
Product Hunt
ProtonMail
PSNProfiles
Reblogme
RedGifs
Replit
ReverbNation
Roblox
Rule34.xxx
Rumble
Rutube
ScoutWiki
Seesaa
Seneporno
Signal
SkipTheGames
Skype
SlideShare
Snapchat
Sogou
SoundCloud
SourceForge
Spiceworks
Spotify
Sprashivai
Steam (fuck off you fucking fucks)
StellantisEU
StellantisUSA
Strava
Stripchat
Substack
TechNet
Telegram
Tellows
Tesseract OCR
Threads
TikTok
Tinder
TinEye
ToyotaUSA
Trakt
Triller
TripAdvisor
TrueCaller
TruthSocial
Tumblr
Twilio
Twitch
Untappd
Venmo
VidLii
Vimeo
Vine
VirusTotal
VK
Volkswagen
VSCO
WatchMeMore
Wire
Wordfeud
Xbox
xHamster
XVideos
Yahoo
Yandex
Yappy
YCombinator
Yelp
YouTube
Zhihu
Zillow
ZoneH
Why tf are PGP, Tesseract OCR, and DeepL on this list? DeepL is literally just a machine translation service; users don't post onto it. Tesseract OCR is downloadable software for OCR. PGP is encryption.
Proton
Signal
What are they gonna do? Download gibberish?! Lol, it's all end-to-end encrypted with the decryption keys stored locally.
Edit: See below comment by @[email protected]. Shit's still concerning.
Probably just whatever the public metadata is. Metadata is super powerful, especially if you have a lot of it. If the email was ProtonMail to ProtonMail, they will get nothing. If it's Gmail to ProtonMail, they will know that user X is talking to user Y in Gmail. They will also have the email header information, which is basically just going to be clear text. So they can still ascertain who you know, who you are talking about, and maybe a bit about what the conversation has to do with.
EDIT: So I asked ProtonMail directly about it and they confirmed it's only publicly available information that they can get. For instance, they can try and verify if a certain email address exists. However, Proton told me that they actively watch for this kind of thing and block IPs trying to do this sort of monitoring.
Oof, yeah I forgot about the metadata... What you say is certainly true and is worrisome.
Plus, most people who use email don't use encrypted email so even if they can't get a transcript of a conversation from my account, they can certainly get everything from the other account if they also scrape that platform.
Maybe they got access to a backdoor.
.............If that is the case, I...am concerned. o_o
Aww man seriously DuckDuckGo is on the list? Ugh... Welp, does anyone know of any good alternatives? (I hear Ecosia's not half-bad...)
DuckDuckGo is not the problem. They are using publicly scrapable information. So for instance, if they have fingerprinted your device, they see you go to DuckDuckGo, then they see you access a site about buying guns, it becomes trivial to determine what you searched for. They would not have direct access to what you search on DuckDuckGo, and DuckDuckGo is not giving them access. They are using various methods to collect data based on habits. You can use literally any service you want and they could do the same thing.
If that's true, why bother "monitoring" a search engine? This whole list screams of somebody who knows nothing about tech put out a vague RFP and a contractor pulled a list of "top sites" and used it to justify an egregious proposal cost.
DOGE, if you're looking for waste and fraud, perhaps here's a good source.
They do it all to build up a huge web of interconnected data points. DuckDuckGo itself they might take as evidence that someone is trying to hide something. Then the government goes to a FISA court and gets permission to have other tech companies hand over all your data. It's not any one site; it's the picture that can be gleaned from all the data available across all the sites.
Surprisingly, Reddit is NOT on the list.
If they’re slurping all these other sites, I highly doubt they’re not slurping Reddit, too, even if it’s not on the list.
Fediverse (likely ActivityPub - possibly DMs between servers)
They would have to hack the individual servers to get at the DMs, because they’re encrypted in transit. All the public stuff is trivial to scrape.
They would have to hack the individual servers to get at the DMs, because they’re encrypted in transit. All the public stuff is trivial to scrape.
Nope, ActivityPub DMs are not encrypted between servers - if it's on the feed, it's public - or at least it was as of six months ago. I found this out when I attached a WordPress site to a Mastodon instance and suddenly found I could read anyone's DMs to users on other servers. Totally unencrypted. I actually paused development and working with ActivityPub because of it.
This doesn't mean that messages to users on the same server are necessarily exposed, but the potential is there if you don't have a filter for local publishing only engaged on your Mastodon instance.
ActivityPub DMs are not encrypted between servers
It is insofar as TLS/SSL/HTTPS encryption is used in transit. That’s what I mean by encrypted in transit.
I could read anyone’s DMs to users on other servers
If you’re an administrator for (WordPress) ActivityPub server A, you can see all the DMs coming to and leaving from your server, yes. And they’re not encrypted at rest, so you can read them any time. But how would you see DMs going between server B and server C, when your server isn’t involved in the transaction?
It apparently scrapes everything on the public feed. So when I subscribed to users on Mastodon server A from WordPress, DMs from Mastodon server A going to Mastodon server B became visible.
I had a separate account on Mastodon server A to confirm that I couldn't see these DMs as a Mastodon user on server A, and that the WordPress scrape was grabbing messages normally not meant for public view.
This was using the ActivityPub plugin for WordPress about six months ago.
EDIT: I should be clear that I was as surprised as the other commentators that the DMs weren't encrypted and that I could see them at all through third-party software. I did NOT see DMs between local users - only cross-instance.
What are they monitoring on Amazon, the fake reviews?
Likely every product any amazon customer ever views. They could potentially even figure out which things you buy. But you can get a pretty clear picture of someone's personality and interests if you know everything they search for.
How would they find that info from the outside, though? Or are you saying they are hooked into Amazon's internal data harvesting ecosystem?
Not really necessary. People make DNS requests, which are pretty easy to track; if you know what URL was requested, that will be the exact product. This can all be done by man in the middle and monitoring network traffic. But even that is sort of unnecessary. They could very possibly have contracts with ISPs or other network operators; some of that is likely just secret and they don't disclose it.
They are not only pulling data from all the x sites in the list, also pulling something else in the meantime
Tesseract OCR is Open Source Software. How can it be a site that they steal information from?
I hope you'll update us if you chase this down. I like 404 Media and I want to keep liking them, but only if the reporting is good. Hopefully it's a typical tech journalism mistranslation where they use Tesseract OCR to scrape PDFs and the author just misunderstood, or something like that.
Edit: after looking, I don't have any issues. Looks like just a raw list from whatever source, I don't need 404 Media to try to "curate" that or remove elements that seem irrelevant, they can leave that to us.
Good question I don't have the answer to. I could speculate that this is all likely being sourced from some sort of marketing material that ShadowDragon put out where they just flatly say they're gathering this information from Tesseract, and in reality they're actually gathering any information they can on users who search for this software and download this software, but like I said I'm speculating.
If you're really interested, I would say you should email the author of this article, reach out to Tesseract's development team, or find a way to get a subpoena against ShadowDragon and/or ICE
Archive.is is not working for me, is there another you can archive to?
Sorry to hear that, try this one
https://docs.google.com/spreadsheets/u/0/d/1VyAaJaWCutyJyMiTXuDH4D_HHefoYxnbGL9l02kyCus/htmlview?pli=1
"Fediverse" is listed though. Does that include all of the federated services or just a few?
It also says "Dark Web." They might be trying to not tip their hand by mentioning specific sites or someone from Marketing wrote the list.
Good question. In a way, the Fedi is a bit like the Storm Area 51 flashmob joke: "they can't catch all of us!"
The diversified instances may make it harder to track every server and every individual.
Sooo the party against a surveillance state creates a surveillance state. Am I getting this right?
This has nothing to do with the brain dead politics... This is garden-variety regime behavior that has been happening since at least the Patriot Act.
What would you like me to say, "Encourages the innovative surveillance state so long as it fits their agenda"?
which was signed into effect by which party again?
Pathetic level of critical thinking...
That was my point.
Correct, both parties worked together to make this happen ;)
Why... the two chess websites? That seems really random. I know chess has boomed within the past 5 years, but really? Both of them?
Reminds me of how Garry Kasparov fled Russia a decade ago.
You must have missed the Bush era/Snowden era:
https://www.linuxjournal.com/content/nsa-linux-journal-extremist-forum-and-its-readers-get-flagged-extra-surveillance
Let me reiterate this part: the NSA considers Linux Journal an "extremist forum".
I guess my interest in not wanting ads shoved down my throat or not wanting to deal with Microsoft anymore makes me an extremist.
The seeds for this were planted long ago.
It seems only fair that this contractor's method of income be known to their family, friends and community?
Since this is a private company, could the internet theoretically flood them with so many GDPR takedown requests (since they're undoubtedly getting data from foreign citizens) and takedown requests around California, Colorado, and other states' laws that they couldn't handle the influx and the gears would be gummed up to hell... in Minecraft?
Whenever I see a vest that says POLICE ICE on it, I always think that whoever ordered them had a stutter.