Its dangerous and its going to erode : redesign of US government websites stokes fears administration The Guardian
The National Design Studio, staffed by veterans, installed visitor-tracking software on vital federal websites
"Verboten werden mssen Schulen, die Medienkonsum vermitteln!" - Bosetti
The White House's National Design Studio has also built or taken control of websites that belong,
by law or by convention,
to other federal agencies.
The sites handle some of the most sensitive personal information Americans give to the government.
Passports.gov is now run from inside the White House,
not from the state department.
The state department operates US passport services through its existing site at travel.state.gov.
The studios version collects identity information from people applying for passports.
It carries no privacy notice.
Developer test code was left running on the live page.
In response to a request for comment,
a state department spokesperson wrote:
The Department of State is working closely with the White House to deliver the best possible service for our passport customers
while safeguarding US national security.
They added:
US passport books and passport cards
and the programs and websites that support them
represent the gold standard in secure international travel documents,
underpinned by state-of-the-art security and technology.
They referred additional questions to the White House.
Trumpaccounts.gov is the federal website for the childrens investment programme created in last summers tax legislation.
The treasury department, which administers the programme,
is the registrant of record for the site.
But the site itself runs through the same White House-controlled commercial account as the studios own sites:
ndstudio.gov,
the prescription-drug site trumprx.gov,
the food-policy site realfood.gov
and others.
The treasury department did not respond to a request for comment.
Login.gov is the federal sign-in gateway that more than 150 million Americans use to access services from social security to tax filing.
The studios preview of vote.gov,
described in the previous post,
uses Login.gov to verify the identities of visitors.
The Guardian contacted the General Services Administration (GSA), which operates Login.gov, for comment.
A spokesperson replied in an email:
Login.gov is committed to the highest standards of privacy, transparency, and security.
Our Privacy Impact Assessment was most recently reviewed in March 2026.
All personnel supporting Login.gov,
including detailees,
are required to comply with applicable GSA policies, security requirements, privacy controls, and governance processes.
The NDS, meanwhile, seems to be expanding its footprint across more government websites.
In late May, three new addresses tied to the NDS appeared in the public records:
chat.staging.ndstudio.gov,
onboarding.ndstudio.gov
and upload.ndstudio.gov.
Some of the NDSs work is even more opaque,
including an apparent redesign of the federal governments voting registration hub.
A sign-in page run by the studio on a White House-controlled web address carries the title
Log in to vote.gov preview.
Above the password field is a notice: For official use only. Actions will be recorded in accordance with applicable law.
Vote.gov is a federal voter registration website.
By law it belongs to the Election Assistance Commission (EAC),
an independent, bipartisan body that Congress established in 2002 after the disputed 2000 election.
Congress created the commission specifically so no sitting president would control the federal voter-registration system.
The studios version has been live on White House systems since
17 September 2025, according to public records of secure web addresses.
Late last year, the NDS began presenting its system to state election directors.
The first such briefing, on 17 October, was on a call of the National Association of State Election Directors (NASED).
Call notes summarising the meeting record members representing states of both parties expressing
serious concerns with this project not complying with state law
and noting that
the developers do not seem to want to spend the time to understand election official concerns.
Brianna Schletz,
the Election Assistance Commissions executive director,
reportedly told state directors on the same call that the conversations were informal,
and that commissioners would later vote on whether to stay involved.
No record of any such vote has since appeared in the commissions public proceedings.
Asked for comment by the Guardian,
a NASED spokesperson, Amy Cohen,
confirmed by email that
NASED held a call in October joined by representatives from the National Design Studio and members of the EAC leadership team.
Cohen added:
NASED does not have a position on this project.
NASED has had no further communication with the National Design Studio on this or any other project
both NASED as an organization and our members in their individual capacities engage with the EAC regularly about a variety of different topics and projects.
Six days after the
17 October meeting,
on 23 October,
a National Design Studio engineer, Akash Bobba,
reportedly briefed the system on a recorded conference call organised by the
National Association of Secretaries of State.
Under the studios design, voters would be required to verify their identity through Login.gov,
the federal sign-in gateway,
and to have their citizenship checked against a database run by the Department of Homeland Security.
Asked on the call what the federal government would retain of the personal information voters entered into the system,
Bobba reportedly said that
clear data retention policies would be given to states ahead of implementation,
but conceded:
I dont know what they retain and what they are logging.
The Election Assistance Commission has been part of the discussions.
Its chair, Donald Palmer, reportedly said the commission was
facilitating discussion with state election officials on modernizing an accessible tool to provide a verifiable digital registration option.
The Guardian contacted the Election Assistance Commission for comment but received no response.
The EPICs Davisson said:
With vote.gov, thats the province of the Election Assistance Commission.
But if youre centralizing that in the White House, the White House is going to have sort of access to that backbone of data.
He added:
Doing that outside of the appropriate channels,
I think, is definitely going to
its dangerous
and its going to erode trust.
The Help America Vote Act of 2002 put
voter-registration administration under an independent bipartisan commission,
structurally outside the reach of any sitting president.
The studios version appears to collapse this arms-length arrangement.
The Guardian has not seen what is on the other side of the sign-in,
but published Cisa records show who runs the system it lives on,
which is under White House control.
The commission Congress put in charge of vote.gov has not decided to formally participate in the initiative.
The build itself is on White House systems.
A 2002 federal law,
the E-Government Act,
requires any federal agency that collects personal information through a website to first publish a written privacy impact assessment
explaining what it collects and where the information goes.
The Privacy Act of 1974 requires a separate, parallel public notice,
a system of records notice,
describing the records the agency keeps.
A 2010 office of management and budget memorandum extended both requirements to federal agencies use of commercial
web-tracking tools, including the kind that PostHog provides.
The Guardian could find no such filings for the studios web-tracking layer.
None of the four sites carry a privacy impact assessment naming PostHog or describing the IP addresses and on-site activity the tool collects.
None of the four are covered by a system of records notice that addresses what is collected or where it goes.
The one published privacy instrument that relates to any of the four programmes,
a treasury notice for the Trump Accounts programme,
describes how the childrens-investment programme is administered
but does not name PostHog and does not describe the tracking on trumpaccounts.gov at all.
Davisson, the EPIC attorney,
called the studios failure to publish such a notice
a pretty clearcut violation of section 208 of the E-Government Act,
adding: Theres just no suggestion that theyre trying to comply in good faith with any of their obligations when it comes to the collection of personal information.
Its not known what data was collected from users of the government websites while the tools were live,
whether it was retained
and who has custody of the data.
The use of commercial tools on the sites departs from federal web-team conventions.
Davisson, the senior counsel at the EPIC, described the studios work as
trying to establish their own sort of fly-by-night version of what federal agencies normally do with added tracking technologies
and less oversight.
This is most apparent in the NDSs employment of user tracking prior to outreach from the Guardian,
such that when a member of the public visited one of the studios federal websites,
a commercial tool called PostHog recorded what they did on the page.
PostHogs session-recording feature,
which can replay every click, scroll and keystroke of a visitors time on a webpage,
is installed in the code of all four sites and enabled on two of them.
On the remaining two, the recording is held inactive only by a single setting inside PostHogs dashboard,
which can be changed by whoever controls the website at any time.
The Guardian emailed PostHog for comment on its apparent provision of tracking tools to the NDS, but received no response.
Adblockers and similar privacy tools are used by millions of people to limit what third parties can learn about them as they browse.
Most of them work by intercepting requests that a visitors browser makes to known tracking services
and blocking them before any data leaves the device.
Website source code shows that PostHog has been configured on
NDS-run sites to route analytics requests through an address on the federal website itself,
rather than through PostHogs own servers.
Because the request appears to go to the site the user is already visiting, rather than to a recognisable third-party address, adblockers dont flag it.
As PostHog explains in its own documentation,
this works because ad blockers havent visited your domain to catalog your setup.
They dont know what to block.
In other words, the technique is specifically designed to evade privacy tools
by presenting commercial tracking as ordinary website activity.
Serge Egelman, research director of the Usable Security and Privacy Group at the International Computer Science Institute (ICSI), explained:
The issue there is that over the last several years,
due to abuses relating to this type of data collection,
theres basically an arms race with tools being released to allow consumers to try and exert some control over what data gets collected.
Egelman said that he had not looked specifically at the PostHog tool or its deployment on federal websites,
but he did point to a lawsuit involving the addition of commercial tracking technology to a state government website.
I testified on Meta where the Meta Pixel was put on the California DMV website.
And Meta was able to obtain information about when people are requesting, say, disability placards,
reinstating a suspended license, things like that
sensitive information thats actually protected by federal law.
He added: Its not like someone going to the DMV website expects a private company to receive their personal data and then be allowed to use that however they want.
PostHog comes with a separate feature called session recording,
which plays back every click, scroll and keystroke a visitor makes,
like a video recording of their entire visit.
Princeton University researchers who first documented the technology in 2017 wrote that watching such a recording was as if someone is looking over your shoulder.
On the Trump Accounts and TrumpRX websites, the feature has been built into the page code and is held inactive only by a single setting inside PostHogs dashboard.
The NDS can turn it on at any time, on either site, without making changes in the underlying website code.
Separately, until the Guardian sought comment on this reporting, the NDSs own website, ndstudio.gov,
ran a 539-line piece of bespoke code that recorded visitors clicks, form entries and navigation
assigned each visitor a session identifier
and forwarded the captured data to an address that does not appear anywhere on the public internet.
The scripts source code refers to it as AutoMonitor.
Chrome's next update will kill your adblocker - and make the web less safe - ZDNET
Its dangerous and its going to erode trust: redesign of US government websites stokes surveillance fears The Guardian "The NDS built and now operates four public federal websites: ndstudio.gov, trumprx.gov, realfood.gov and trumpaccounts.gov. All four ran commercial visitor-tracking software, configured to evade the privacy tools many web users install, and none carry the public filings federal privacy law requires under laws including the Privacy Act of 1974 and the E-Government Act of 2002."
Analysis of the underlying source code for four of the websites written by the secretive National Design Studio (NDS)
found that on at least two of them,
the studio installed a commercial tool called PostHog
that closely tracks what every visitor does on the site.
Another tool, apparently made in-house, sends user data to a destination that is not visible on the public internet.
The NDS apparently removed this tracking software after the Guardian reached out to the White House with a detailed series of questions on the NDSs operations on 4 June.
On 17 June, White House spokesperson Liz Huston responded:
All National Design Studio personnel comply with all legal requirements in their important work to improve how citizens interact with their government.
The studio has also built versions of services legally assigned to other agencies,
including a passports website,
and a copy of
Login.gov,
the gateway more than 150 million Americans use to sign in to federal services,
-- the latter reportedly being overseen by a former Doge engineer who moved to the studio.
The NDS has also apparently built a copy of
vote.gov,
the federal voter-registration site that by law belongs to an independent bipartisan commission
inside a website site only accessible with a White House login.
A federal voter-registration system run from inside the White House,
with identity and citizenship checks routed through systems the administration controls,
could let an incumbent see who is registering,
or check their registration, in the weeks before an election.
Public ownership records maintained by the Cybersecurity and Infrastructure Security Agency (Cisa)
list the executive office of the president as the registrant of the studios sites,
including passports.gov and the vote.gov copy,
meaning that the office controls the domains.
Questions remain about the sort of access that this could give the White House to voter registration data.
John Davisson, senior counsel at the Electronic Privacy Information Center (EPIC),
said the studios approach risked creating a second version
a whole sort of second skunk-works version of the federal government
with all these shady tracking technologies
and outside of the parameters of normal federal privacy laws.
A skunk works is a figurative term for an experimental department within a larger organization with freedom to operate outside normal procedure.
The Guardian sent a detailed list of questions about the NDS to the White House Press Office for the attention of Gebbia and the White House chief of staff, Susie Wiles,
who has oversight of the studio.
Separately, the Guardian sent a request to Gebbias presumed email at the NDS
(no addresses are publicly listed).
There was no response.
An opaque White House office staffed largely by veterans of Elon Musks
department of government efficiency
(Doge) has quietly rebuilt some of the federal governments most sensitive websites
for passport applications, voter registration, prescription-drug pricing and childrens savings
in ways critics say appear to violate federal law.
The National Design Studio (NDS)
was established by a Donald Trump executive order last August,
and is led by Trump-aligned Airbnb co-founder Joe Gebbia and staffed by Doge veterans.
A Guardian investigation has found the office has apparently been developing or redeveloping sensitive federal websites,
including those connecting Americans with prescription drugs, childrens savings accounts, passports and voter registration.
The investigation corroborates and advances earlier reporting by the Drey Dossier, a YouTube investigative outlet.
The NDS built and now operates four public federal websites:
ndstudio.gov,
trumprx.gov,
realfood.gov and
trumpaccounts.gov.
All four ran commercial visitor-tracking software,
configured to evade the privacy tools many web users install,
and none carry the public filings federal privacy law requires under laws including the Privacy Act of 1974 and the E-Government Act of 2002.
Separately, none of the NDSs spending or its arrangements with outside vendors appears in USAspending,
the federal contracting database,
raising questions about how it is funded and overseen.
Separately, the NDS has also built and runs White House-controlled versions of services the US Congress assigned to other federal agencies,
including a passport-application portal that bypasses the state departments existing site,
and a copy of voter-registration site vote.gov.
Combined, the sites route sensitive interactions Americans have with their government through infrastructure the White House apparently controls,
and outside the reporting and accountability systems that normally cover federal agencies.
Bloquer le protocole
Pour bloquer le protocole Utiq, je vous recommande d'ajouter quelques filtres Origin une ne fonctionnant pleinement que sur .
G7-Datenschutzgipfel: Ruf nach Regeln fr Alterskontrollen und Smart Homes
Die Aufsichtsbehrden der G7-Staaten verlangen einen strikten Grundrechtsschutz bei der Online-Altersberprfung und nehmen vernetzte Kinderzimmer ins Visier.
G7 Data Protection Summit: Call for rules on age verification and smart homes
The G7 supervisory authorities demand strict protection of fundamental rights in online age verification and are targeting connected children's rooms.
Heimliche : Regierung bricht ihr Schweigen bei stillen SMS heise online
From $135 to $154: Tracking SpaceX's Stock Volatility in Its First Weeks as a Public Company
Breaking: <p>Space Exploration Technologies (NASDAQ
Online-Tracking: Deutschland und Google wollen Cookie-Banner retten - netzpolitik.org
Das muss man sich auf der Zunge zergehen lassen:
Die EU-Kommission will endlich die Cookie-Banner abschaffen, aber Google und einige EU-Mitgliedsstaaten wollen sie nun unbedingt behalten, kommentiert Datenschutz-Aktivist Max Schrems von der Organisation noyb den Vorgang. Jahrzehntelang wurde sich ber EU-Brokratie beschwert, aber in Wirklichkeit frchtet sich die -Industrie dermaen vor einer Mglichkeit, dass Verbraucher:innen einfach Nein sagen knnen, dass nach etwas Lobbying alle umfallen.
> Mit dem Digitalen Omnibus will die EU nach der KI-Verordnung auch den schleifen. Das Gesetzespaket enthlt einen einzigen Vorschlag, der nicht primr Unternehmen, sondern auch Nutzer:innen das Leben erleichtern soll. Er knnte das europische Internet von -Bannern befreien, doch nach intensiver -Arbeit will der Rat den Artikel nun streichen.
1739 partners... Well I didn't want to read it anyway.
TikTok collects keystroke patterns, clipboard contents, and device identifiers beyond what most users realize when they agree to its terms.
TikTok collects keystroke patterns, clipboard contents, and device identifiers beyond what most users realize when they agree to its terms.
Path Tracer Test
With the new 's powerfull path tracing engine v2 for TD.
Meta Pauses Employee Tracking AI Program After Internal Data Exposure
DNT wird durch GPC abgelst. Aber ja, es wre so einfach, wenn die Werbelobby nicht so aktiv wre
"Unlike the now-deprecated Do Not Track header, which was unsuccessful as it was ignored by third parties, GPC is intended to have legal force under privacy laws."
Theories that might do a have been around for years, but now a says an Apple "iRing" is actually in for and . Look out, and !
Pro Tip: When you email a story suggestion to a , don't put elements in your hyperlinks or other email parts.
As always, reduce to the max.
Nicht zu glauben ..
WAS fr ein Aufwand getrieben wird, um die Norwendigkeit der Cookies zu erhalten: Der Datenschutz wre gefhrdet
Max Schrems von noyb:
"Cookie-Banner seien keine Erfindung des Datenschutzes, sondern der Tracking-Industrie, denn ohne Einwilligung gebe es kein Online-Schnffeln.
Jetzt hat man Angst, dass eine einfachere Mglichkeit, Ja oder Nein zu sagen, Umsatzeinbuen bei Google und Co zur Folge hat.
Daher lobbyiere die Tracking-Industrie, was das Zeug hlt, um das Cookie-Banner zu behalten."
Google warnt
"vor drastischen Folgen der Privacy-Signal-Lsung fr die Online-Wirtschaft"
Google behauptet "diese Regelung, wrde Europa 40 bis 50 Milliarden Euro kosten"
DIe Bundesregierung betreibt Interessenvertretung zugunsten
der Adtech- und Verlagsindustrie und auf Kosten der Verbraucher:innen, schreibt
Verbraucherzentrale
"Der digitale Omnibus als Geschenk an Big Tech
The tiny tracking gadgets that keep tabs on our luggage are also being used in some unusual ways in Australia.
Nach Meta stoppt berwachungsprogramm fr Mitarbeiter.
M8, you slept for 14 years
SignalTrace is neither new nor surprising.
Any Skiddie could do that with one of chose cheap AWUS036 dongles in promiscious mode and a Raspberry Pi!
from : anonymous tokens, zero , zero . The future is here.
Pluralistic: on to save kids from spying is very, very stupid (23 Jun 2026) Pluralistic: Daily links from
I think Meta's leadership is just three AI's in a trenchcoat.
Meta is 'pausing' employee tracking program after it let the whole company see sensitive data - Engadget
App verffentlichen ohne Abmahnung: Was Entwickler vor dem Go-Live rechtlich erledigen mssen
Video with
Keywords =
"Excuse me, your unicorn keeps shitting in my back yard, can he please not..."
= privacy tool which protected from behavioural and companies , profiling, you on the web.
Nearly Half of LG Smart TV Apps Contain Residential Proxy SDKs
A Free Tool DeFlock Maps The License Plate Readers On Your Route Flock, Etc, Then Lets You Slide Right Past Them
(Drivers can compare standard routes against camera-free alternatives with DeFlocks growing surveillance database)
--
<-- shared technical media article
--
<-- shared (free) DeFlock webmap/resource
--
<-- shared DeFlock overview web page, avoiding Flock Automated License Plate Readers
--
<-- shared YouTube video. This Flock Camera Leak is like Netflix For Stalkers, including lack of security and ready exposure of private & personal data
--
<-- shared media article, example, City Of Fort Collins, CO dropping contract and getting Flock cameras removed
--
DeFlock can generate routes that avoid known Automated License Plate Readers ALPR cameras entirely.
Users can choose how far they want to stay from surveillance cameras.
The tool arrives as scrutiny of license plate readers continues to grow.
For years, automated license plate readers have quietly spread across America. They sit on utility poles, at intersections, near shopping centers, and along roads most drivers use every day. The overwhelming majority of motorists never notice them. A free website called DeFlock changes that by showing where many of those cameras are located and, more importantly, helping users avoid them if they choose. In a world where surveillance is often invisible, thats a surprisingly powerful feature
--
Automated License Plate Readers (ALPRs or LPRs) are AI-powered cameras that capture and analyze images of all passing vehicles, storing details like your car's location, date, and time. They also capture your car's make, model, colour, and identifying features such as dents, roof racks, and bumper stickers, often turning these into searchable data points.
These cameras collect data on millions of vehicles regardless of whether the driver is suspected of a crime. These systems are marketed as indispensable tools to fight crime, but they ignore the powerful tools police already have to track criminals, such as cell phone location data, creating a loophole that doesn't require a warrant
#
Meta Pauses Employee-Tracking Program Following Internal Data Leak
US Bill Would Mandate Chip to Thwart and Other Adversaries
Pauses Employee-Tracking Program Following Internal Data
The move comes after the company left potentially sensitive data from the initiative exposed internally.