The 200+ Sites ICE Surveillance Contractor ShadowDragon is Monitoring
www.404media.co/the-200-sites-an-ice-surveillan…
A contractor for Immigration and Customs Enforcement (ICE) and many other U.S. government agencies has developed a tool that lets analysts more easily pull a target individual’s publicly available data from a wide array of sites, social networks, apps, and services across the web at once, including Bluesky, OnlyFans, and various Meta platforms, according to a leaked list of the sites obtained by 404 Media. In all, the list names more than 200 sites that the contractor, called ShadowDragon, pulls data from and makes available to its government clients, allowing them to map out a person’s activity, movements, and relationships.
Article archived at https://archive.is/xJcrm
Alternate archive at https://web.archive.org/web/20250312132300/https://www.404media.co/the-200-sites-an-ice-surveillance-contractor-is-monitoring/
List of sites at https://docs.google.com/spreadsheets/d/1VyAaJaWCutyJyMiTXuDH4D_HHefoYxnbGL9l02kyCus/edit?ref=404media.co&gid=0#gid=0
List archived at https://archive.is/k2icM
Comments from other communities
Comments in [email protected]
"Fediverse" is listed though. Does that include all of the federated services or just a few?
It also says "Dark Web." They might be trying to not tip their hand by mentioning specific sites or someone from Marketing wrote the list.
Good question. In a way, the Fedi is a bit like the Storm Area 51 flashmob joke: "they can't catch all of us!"
The diversified instances may make it harder to track every server and every individual.
Sooo the party against a surveillance state creates a surveillance state. Am I getting this right?
This has nothing to do with the brain dead politics... This is garden variety regime behavior that has been happening since at least the Patriot Act.
What would you like me to say, "Encourages the innovative surveillance state so long as it fits their agenda"?
Which was signed into effect by which party again?
Pathetic level of critical thinking...
The next day, October 24, the Act passed the House by a vote of 357–66,[6] with Democrats comprising the overwhelming majority of "no"-votes. The three Republicans voting "no" were Robert Ney of Ohio, Butch Otter of Idaho, and Ron Paul of Texas. On October 25, the Act passed the Senate with a vote of 98–1. Russ Feingold (D-WI) voted "no".[7] On October 26, then US President George Bush signed the Patriot Act into law.
Why... the two chess websites? That seems really random. I know chess has boomed within the past 5 years, but really? Both of them?
You must have missed the Bush era/Snowden era:
A new story published on the German site Tagesschau and followed up by BoingBoing and DasErste.de has uncovered some shocking details about who the NSA targets for surveillance including visitors to Linux Journal itself.
While that is troubling in itself, even more troubling to readers on this site is that linuxjournal.com has been flagged as a selector! DasErste.de has published the relevant XKEYSCORE source code, and if you look closely at the rule definitions, you will see linuxjournal.com/content/linux* listed alongside Tails and Tor. According to an article on DasErste.de, the NSA considers Linux Journal an "extremist forum". This means that merely looking for any Linux content on Linux Journal, not just content about anonymizing software or encryption, is considered suspicious and means your Internet traffic may be stored indefinitely.
One of the biggest questions these new revelations raise is why. Up until this point, I would imagine most Linux Journal readers had considered the NSA revelations as troubling but figured the NSA would never be interested in them personally. Now we know that just visiting this site makes you a target. While we may never know for sure what it is about Linux Journal in particular, the Boing Boing article speculates that it might be to separate out people on the Internet who know how to be private from those who don't so it can capture communications from everyone with privacy know-how. If that's true, it seems to go much further to target anyone with Linux know-how.
Let me reiterate this part: the NSA considers Linux Journal an "extremist forum".
I guess my interest in not wanting ads shoved down my throat or not wanting to deal with Microsoft anymore makes me an extremist.
The seeds for this were planted long ago.
It seems only fair that this contractor's method of income be known to their family, friends and community?
Since this is a private company, could the internet theoretically flood them with so many GDPR takedown requests (since they're undoubtedly getting data from foreign citizens) and takedown requests around California, Colorado, and other states' laws that they couldn't handle the influx and the gears would be gummed up to hell... in Minecraft?
Whenever I see a vest that says POLICE ICE on it, I always think that whoever ordered them had a stutter.
Comments in Privacy [email protected]
Comments in [email protected]
In case it's paywalled for everyone, here's a spreadsheet with the list of sites, credit to SnotFlickerman
Comments in United States | News & [email protected]
My piece of shit job firewall won't let me see the list. edit: used a proxy. Fuck these assholes. Surprised they have so many names. Shocked if their inbred nazi boomer asses will actually know how to use any of them.
Paywall bypass: http://archive.today/2025.03.12-170136/https://www.404media.co/the-200-sites-an-ice-surveillance-contractor-is-monitoring/
The list: https://archive.ph/o/Lldzh/https://docs.google.com/spreadsheets/d/1VyAaJaWCutyJyMiTXuDH4D_HHefoYxnbGL9l02kyCus/edit?usp=sharing&ref=404media.co
It doesn’t appear to have any fediverse instances, unless you want to count Threads. It does have ProtonMail & Signal; I wonder what that actually means.
Comments in [email protected]
Paywall bypass: http://archive.today/2025.03.12-170136/https://www.404media.co/the-200-sites-an-ice-surveillance-contractor-is-monitoring/
The list: https://archive.ph/o/Lldzh/https://docs.google.com/spreadsheets/d/1VyAaJaWCutyJyMiTXuDH4D_HHefoYxnbGL9l02kyCus/edit?usp=sharing&ref=404media.co
It doesn’t appear to have any fediverse instances, unless you want to count Threads. It does have ProtonMail & Signal; I wonder what that actually means.
Thanks for the list. Unfortunately, they list "Fediverse" which likely means they're scraping ActivityPub. They're also going after your Steam account, Twitch, YouTube, and porn.
In other words, this is so much worse than the headline makes it out to be.
Surprisingly, Reddit is NOT on the list.
EDIT: I was wrong - thanks to Da Cap’n for the correction.
Here's the full list of names:
4chan Archives
Discord Archives
21Buttons
500px
about.me
AllMyLinks
AllTrails
Amazon
Ameba
Amino
AnimePlanet
Apple Music
Artists&Clients
Asciinema
AudioJungle
AudiUSA
BabyCenter
Baidu
BeReal
Bigo Live
Bing
Biolink
BitChute
BlackPlanet
Blogger
Bluesky
Bodybuilding
BookCrossing
Breaches
BuyMeACoffee
Cash App
CastingCall Club
Chaturbate
Chess.com
Cigar Dojo
CityXGuide
CloutHub
Cocolog
Companies House
Cozy.tv
Cracked
Creema
Dailymotion
Danbooru
Dark Web
DeepL
DeviantArt
Disqus
DLive
Dot.cards
Douyin
Drum
DuckDuckGo
Duolingo
E621
eBay
Eporner
Etsy
Fansly
FastPeopleSearch
Fediverse (likely ActivityPub - possibly DMs between servers)
FetLife
Fiverr
Flickr
FlightAware
Foursquare
FriendFinder
FurAffinity
Gab
Gaia Online
GameFAQs
Gelbooru
GeneralMotors
Geocaching
GeoEstimation
Gettr
Giphy
GitHub
Glassdoor
GoFundMe
Goo
Goodreads
Gravatar
Guancha
GunBroker
Habbo
Hackaday
Hatena
Honda
Hubski
ILoveGrowingMarijuana
ImageShack
Imgur
IMVU
Indeed
Instructables
JudyRecords
Jugem
JustForFans
Keybase
Kick
Kik
Last.fm
LibraryThing
Lichess
Likee
Line
Linktree
LiveIn
LiveJournal
Lobsters
Mail.ru
Malgari
MapMyTracks
Marshmallow
MarTech
Massage Anywhere
Medium
MeetMe
Mercari Jp
MeWe
Minds
Minecraft
Mix
Mixlr
ModDB
Mughosts
MyFitnessPal
Myspace
MySubaru
Naijapals
Nextdoor
NissanUSA
Odysee
OFAC Sanctions List
OkCupid
OK.ru
OnlyFans
Pandia
Pandora
Passes
Pastebin
Patreon
PayPal
PCGamer
Peloton
PGP
Plurk
Poal
Popl
Pornhub
Poshmark
Product Hunt
ProtonMail
PSNProfiles
Reblogme
RedGifs
Replit
ReverbNation
Roblox
Rule34.xxx
Rumble
Rutube
ScoutWiki
Seesaa
Seneporno
Signal
SkipTheGames
Skype
SlideShare
Snapchat
Sogou
SoundCloud
SourceForge
Spiceworks
Spotify
Sprashivai
Steam (fuck off you fucking fucks)
StellantisEU
StellantisUSA
Strava
Stripchat
Substack
TechNet
Telegram
Tellows
Tesseract OCR
Threads
TikTok
Tinder
TinEye
ToyotaUSA
Trakt
Triller
TripAdvisor
TrueCaller
TruthSocial
Tumblr
Twilio
Twitch
Untappd
Venmo
VidLii
Vimeo
Vine
VirusTotal
VK
Volkswagen
VSCO
WatchMeMore
Wire
Wordfeud
Xbox
xHamster
XVideos
Yahoo
Yandex
Yappy
YCombinator
Yelp
YouTube
Zhihu
Zillow
ZoneH
Why tf are PGP, Tesseract OCR, and DeepL on this list? DeepL is literally just a machine translation service, users don't post onto it. Tesseract OCR is a downloadable software for OCR. PGP is encryption.
Proton
Signal
What are they gonna do? Download gibberish?! Lol, it's all end-to-end encrypted with the decryption keys stored locally.
Edit: See below comment by @[email protected]. Shit's still concerning.
Probably just whatever the public metadata is. Metadata is super powerful, especially if you have a lot of it. If the email was ProtonMail to ProtonMail they will get nothing. If it's Gmail to ProtonMail they will know that user X is talking to user Y in Gmail. They will also have the email header information, which is basically just going to be clear text. So they can still ascertain who you know, who you are talking about, and maybe a bit about what the conversation has to do with.
EDIT: So I asked ProtonMail directly about it and they confirmed it's only publicly available information that they can get. For instance, they can try and verify if a certain email address exists. However, Proton told me that they actively watch for this kind of thing and block IPs trying to do this sort of monitoring.
Oof, yeah I forgot about the metadata... What you say is certainly true and is worrisome.
Plus, most people who use email don't use encrypted email so even if they can't get a transcript of a conversation from my account, they can certainly get everything from the other account if they also scrape that platform.
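Added example, not part of any comment in this thread and not code from ProtonMail or any other provider: the header metadata discussed above, extracted from a PGP/MIME message the way any relay or mailbox provider handling it could. The message, addresses and the function name `cleartext_metadata` are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: an encrypted PGP/MIME message as a mail server sees it.
# The body is opaque ciphertext; every header above it is plain text.
RAW = """\
Received: from mail.example.org (mail.example.org [192.0.2.10])
\tby mx.example.net; Wed, 12 Mar 2025 10:00:00 +0000
From: Alice <alice@example.org>
To: Bob <bob@example.net>
Cc: carol@example.com
Subject: Meeting on Friday
Date: Wed, 12 Mar 2025 10:00:00 +0000
Message-ID: <abc123@example.org>
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

(constructed placeholder ciphertext)
-----END PGP MESSAGE-----
--b1--
"""

def cleartext_metadata(raw):
    """Return what is readable without any decryption key."""
    msg = message_from_string(raw)
    headers = (msg.get_all("From", []) + msg.get_all("To", [])
               + msg.get_all("Cc", []))
    return {
        "encrypted_body": msg.get_content_type() == "multipart/encrypted",
        "correspondents": sorted(addr for _, addr in getaddresses(headers)),
        "subject": msg["Subject"],   # not covered by PGP/MIME body encryption
        "date": msg["Date"],
        "relay_hops": len(msg.get_all("Received", [])),
    }

if __name__ == "__main__":
    print(cleartext_metadata(RAW))
```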
Maybe they got access to a backdoor.
.............If that is the case, I...am concerned. o_o
Aww man seriously DuckDuckGo is on the list? Ugh... Welp, does anyone know of any good alternatives? (I hear Ecosia's not half-bad...)
DuckDuckGo is not the problem. They are using publicly scrapable information. So for instance, if they have fingerprinted your device, they see you go to DuckDuckGo, then they see you access a site about buying guns, it becomes trivial to determine what you searched for. They would not have direct access to what you search on DuckDuckGo and DuckDuckGo is not giving them access. They are using various methods to collect data based on habits. You can use literally any service you want and they could do the same thing.
If that's true, why bother "monitoring" a search engine? This whole list screams of somebody who knows nothing about tech put out a vague RFP and a contractor pulled a list of "top sites" and used it to justify an egregious proposal cost.
DOGE, if you're looking for waste and fraud, perhaps here's a good source.
They do it all to build up a huge web of interconnected data points. DuckDuckGo itself they might take as evidence that someone is trying to hide something. Then the government goes to a FISA court and gets permission to have other tech companies hand over all your data. It's not any one site, it's the picture that can be gleaned from all the data available across all the sites.
Surprisingly, Reddit is NOT on the list.
If they’re slurping all these other sites, I highly doubt they’re not slurping Reddit, too, even if it’s not on the list.
Fediverse (likely ActivityPub - possibly DMs between servers)
They would have to hack the individual servers to get at the DMs, because they’re encrypted in transit. All the public stuff is trivial to scrape.
They would have to hack the individual servers to get at the DMs, because they’re encrypted in transit. All the public stuff is trivial to scrape.
Nope, ActivityPub DMs are not encrypted between servers - if it's on the feed, it's public - or at least it was as of six months ago. I found this out when I attached a WordPress site to a Mastodon instance and suddenly found I could read anyone's DMs to users on other servers. Totally unencrypted. I actually paused development and working with ActivityPub because of it.
This doesn't mean that messages to users on the same server are necessarily exposed, but the potential is there if you don't have a filter for local publishing only engaged on your Mastodon instance.
ActivityPub DMs are not encrypted between servers
It is insofar as TLS/SSL/HTTPS encryption is used in transit. That’s what I mean by encrypted in transit.
I could read anyone’s DMs to users on other servers
If you’re an administrator for (WordPress) ActivityPub server A, you can see all the DMs coming to and leaving from your server, yes. And they’re not encrypted at rest, so you can read them any time. But how would you see DMs going between server B and server C, when your server isn’t involved in the transaction?
It apparently scrapes everything on the public feed. So when I subscribed to users on Mastodon server A from WordPress, DMs from Mastodon server A going to Mastodon server B became visible.
I had a separate account on Mastodon server A to confirm that I couldn't see these DMs as a Mastodon user on server A, and that the WordPress scrape was grabbing messages normally not meant for public view.
This was using the ActivityPub plugin for WordPress about six months ago.
EDIT: I should be clear that I was as surprised as the other commentators that the DMs weren't encrypted and that I could see them at all through a 3rd party software. I did NOT see DMs between local users - only cross-instance.
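Added example, not part of any comment in this thread and not code from Mastodon or the WordPress plugin: a federated "DM" is an ordinary JSON object whose privacy rests only on its `to`/`cc` addressing, so receiving software has to check that addressing before rendering anything. The sample inbox, the URLs and the function names are constructed; the labels follow the addressing convention commonly used by Mastodon-compatible servers.

```python
# The ActivityPub "Public" collection; the spec accepts these three spellings.
PUBLIC = {"https://www.w3.org/ns/activitystreams#Public", "as:Public", "Public"}

def _as_list(value):
    """ActivityStreams allows a single string or a list in to/cc."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def visibility(obj, followers_url=None):
    """Classify an object by who it is addressed to."""
    to = set(_as_list(obj.get("to")))
    cc = set(_as_list(obj.get("cc")))
    if to & PUBLIC:
        return "public"
    if cc & PUBLIC:
        return "unlisted"
    if followers_url and followers_url in (to | cc):
        return "followers"
    return "direct"          # addressed to named actors only

def safe_to_render(inbox, followers_url=None):
    """IDs a receiving site may show on a public page; everything else is dropped."""
    return [o["id"] for o in inbox
            if visibility(o, followers_url) in ("public", "unlisted")]

# Constructed sample of what one server delivers to another over HTTPS.
# Note that the "direct" note's content is readable by the receiving server.
FOLLOWERS = "https://a.example/users/alice/followers"
INBOX = [
    {"id": "https://a.example/notes/1", "type": "Note",
     "to": ["https://www.w3.org/ns/activitystreams#Public"],
     "cc": [FOLLOWERS], "content": "Hello, world"},
    {"id": "https://a.example/notes/2", "type": "Note",
     "to": [FOLLOWERS], "cc": [], "content": "Followers only"},
    {"id": "https://a.example/notes/3", "type": "Note",
     "to": "https://b.example/users/bob", "content": "Private note for Bob"},
]

if __name__ == "__main__":
    for note in INBOX:
        print(note["id"], visibility(note, FOLLOWERS))
    print(safe_to_render(INBOX, FOLLOWERS))
```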
What are they monitoring on Amazon, the fake reviews?
Likely every product any Amazon customer ever views. They could potentially even figure out which things you buy. But you can get a pretty clear picture of someone's personality and interests if you know everything they search for.
How would they find that info from the outside, though? Or are you saying they are hooked into Amazon's internal data harvesting ecosystem?
Not really necessary. People make DNS requests, which are pretty easy to track; if you know what URL was requested, that will be the exact product. This can all be done by man in the middle and monitoring network traffic. But even that is sort of unnecessary. They could very possibly have contracts with ISPs or other network operators; some of that is likely just secret and they don't disclose it.
They are not only pulling data from all the x sites in the list, also pulling something else in the meantime
Tesseract OCR is Open Source Software. How can it be a site that they steal information from?
I hope you'll update us if you chase this down. I like 404 Media and I want to keep liking them, but only if the reporting is good. Hopefully it's a typical tech journalism mistranslation where they use Tesseract OCR to scrape PDFs and the author just misunderstood, or something like that.
Edit: after looking, I don't have any issues. Looks like just a raw list from whatever source, I don't need 404 Media to try to "curate" that or remove elements that seem irrelevant, they can leave that to us.
Good question I don't have the answer to. I could speculate that this is all likely being sourced from some sort of marketing material that ShadowDragon put out where they just flatly say they're gathering this information from Tesseract, and in reality they're actually gathering any information they can on users who search for this software and download this software, but like I said I'm speculating.
If you're really interested, I would say you should email the author of this article, reach out to Tesseract's development team, or find a way to get a subpoena against ShadowDragon and/or ICE
I hate this timeline.
Archive.is is not working for me, is there another you can archive to?
Sorry to hear that, try this one
https://web.archive.org/web/20250312132300/https://www.404media.co/the-200-sites-an-ice-surveillance-contractor-is-monitoring/
Much appreciated