Security News > 2022 > August > DuckDuckGo says Hell, Hell, No to those Microsoft trackers after web revolt

In May, DDG admitted its supposedly pro-privacy mobile browser wasn't blocking certain Microsoft trackers, while actively blocking other types of third-party trackers by Microsoft and other organizations, confirming findings by data-usage researcher Zach Edwards.

Back in January, Twitter fixed a privacy flaw that made it easy to unmask users.

Exploiting the bug was pretty easy: it was possible to send an email address or phone number to one part of Twitter's systems, and have it tell you which Twitter account was associated with that contact information, if any, even if they had chosen not to disclose those details in their privacy settings.

Thus if you suspected someone had a pseudonymous Twitter profile, you could give their contact info to Twitter, and the site would confirm their handle.

"If someone submitted an email address or phone number to Twitter's systems, Twitter's systems would tell the person what Twitter account the submitted email addresses or phone number was associated with, if any," the micro-blogging biz said Friday.

Though Twitter has now acknowledged that this info was stolen via the bug before it was fixed, it's understood that 5.4 million Twitter users had their details harvested and put up tor sale.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/08/06/in_brief_security/