Our team at Silent Push has been hard at work on the largest report we’ve ever made public – and along with Reuters – today we’re explaining how North Korean threat actors associated with the “Contagious Interview” subgroup created 3 front companies...🧵 ... and registered 2 of them as legitimate businesses in the United States.

The front companies are: BlockNovas LLC, Angeloper Agency, and SoftGlide LLC

Last year, while conducting audits on SDKs installed in mobile apps for @SafeTechLabs, a popular SDK installed in thousands of apps called “Pushwoosh” started to raise some odd questions, was it secretly Russian? Reuters has an explosive story out today: reuters.com/technology/exc…🧵 This is a complex but important story for folks to understand -- this is the start of the discussion about these types of risks.

There was a SDK company -- "Pushwoosh" -- pretending to be based in Washington, D.C., but was really based in Russia, and has been the ~entire time.

I have some really disappointing & horrifying news about how Twitter ads is ingesting + storing advertiser credit cards. They have a ~new "reviewData" field that is a plain text ingestion (CC fields are encrypted) which includes the "firstSix" and "lastFour" #'s of your CC.🌩️⚖️🧵 I want to make sure it's clear that storing credit card numbers in plain text in a "reviewData" field is maybe used for fraud and abuse, potentially for the Twitter ads fraud and abuse vendor Sift which you agree to share data with. But the data is stored on Twitter's side.👀🥵🌩️

I've gone through mudge's redacted whistleblower complaint and there are some really spicy sections that relate to ad tech + privacy + foreign intelligence... brief thread of what I think is most interesting (link to documents in tweet below)🌶️🐦🌩️⚖️🧵

https://twitter.com/felixsalmon/status/1562072827951464451

First up... folks have known for awhile that tons of Chinese advertisers were/are buying Twitter ads... But no one had pieced it together that those Chinese advertisers would be using ***Twitter Custom Audiences to doxx VPN users who verified with real contact info...** 🚨🥵🥵🚨

Reminder: @WhiteHouse has done nearly nothing to hold Yandex accountable for their Putin War propaganda via Yandex News, no comment about the massive Yandex Appmetrica SDK data collection straight to Moscow.

But leaders within women's hockey (PWHPA) fought back against Yandex🧵

https://twitter.com/AlexAzziNBC/status/1507475401890799620

ICYMI in April 2022 the PWHPA decided to *not* move forward w/ a partnership w/ the PHF due to the connections to Yandex Chair John Boynton, "It’s believed Boynton will be an issue when it comes to attracting major sponsors moving forward." 🧐🌩️⚖️👏🏻👏🏻👏🏻

thehockeynews.com/news/report-pw…

Google's "automatic ads" w/ the new "Anchor / Vignette Ads" = full-screen between-page-loading interstitial @ support.google.com/adsense/answer… @ "Auto ads will then scan your site and automatically place ads where they’re likely to perform well and potentially generate more revenue."👀 This is going to be a complex product to audit how it performs / users are impacted, and while I'm a big fan of "easy deployments" - I can only imagine what would happen if this process for "auto ads will then scan your site and automatically place ads" went a little wrong.😅🥵

One of the saddest parts about understanding how politicians use their email lists, is that if you signup for *official* newsletters from members of Congress, the updates are very informative, some bs but tons of policy. Campaign email updates have ~zero policy, all bs & $$ asks. And it's *illegal* for the official Congressional / elected officials office to promote the campaign email newsletter/accounts, but it's totally legal (IANAL) for the campaign to promote the official office website / newsletters -- yet it's super rare for campaigns to do this.

Sometimes you find something so disturbing during an audit, you've gotta check/recheck because you assume that *something* must be broken in the test.

But I'm confident now.

The new @DuckDuckGo browsers for iOS/Android don't block Microsoft data flows, for LinkedIn or Bing.🧵 DuckDuckGo has browser extensions & their own browsers for iOS / Android @ duckduckgo.com/app

iOS @ apps.apple.com/us/app/duckduc…

Android @ play.google.com/store/apps/det…

Both versions of the DDG browser claims to use tools which
"automatically blocks hidden third-party trackers" 👀

And now we know what Google has been actually doing to slow down ePrivacy..

The unredacted documents between Google & Facebook @ storage.courtlistener.com/recap/gov.usco… are outrageous. There are going to dozens of important ad tech, digital privacy stories from all the details we can now see.

https://twitter.com/SamuelStolton/status/1451560529898741764

Facebook had minimum spends & quotas via Facebook's header bidding. Google considered a "nuclear option" of reducing Google's exchange fees down to zero to kill header bidding.

Google documented it could not avoid "competing with [Facebook's Audience Network"

Does everyone realize that this is almost assuredly @Merck using the Ad ID Consortium to target ads to cancer patients? BOK's former company left this data-co-op (adexchanger.com/online-adverti…)

I'll do a thread on this, explaining how you can audit a website like keytruda.)com ⚖️⛈️🧵

https://twitter.com/bokelley/status/1405568632244125697

First, BOK's old company used to own the domain facilitating these data flows "adnxs.com" - this domain was used in the Ad ID Consortium & was the most popular. AT&T bought appnexus, pulled out of the AD ID C, & seemingly "gave the domain up"
admonsters.com/universal-id-a…

UID 2.0 made their code open source, and now we know with certainty (github.com/UnifiedID2/uid…) that this ad tech data breach code purposefully strips the ability for GMAIL users to add a "+" to the back of their email to protect themselves from shared email user graphs. 🧵 All initial email address payloads are *encoded in base64* - no encryption as emails are sent from a UID 2.0 vendor/website/app participating in this data breach scheme now housed as "open source" and controlled by the IAB Tech Lab.

@TheTradeDesk built this base64 data breach⤵️