The Mozilla Foundation is calling upon 30 technology companies, social networks, and websites to block web scraping by an ICE surveillance contractor called ShadowDragon after 404 Media published a list of sites that the contractor pulls data from.
“The thorniest concern here is the meticulous targeting such data enables—putting the lives of protesters, researchers, immigrants, and human rights defenders participating in any form of civil resistance that challenges political powers at risk of arrest and intimidation. SocialNet’s widespread reach across major social networking sites and forums also puts data from millions of people at risk of unconsented exposure or exploitation,” the Mozilla Foundation said in a statement.
ShadowDragon sells a tool called SocialNet that streamlines the process of pulling public data from various sites, apps, and services. Marketing material available online says SocialNet can “follow the breadcrumbs of your target’s digital life and find hidden correlations in your research.” In one promotional video, ShadowDragon says users can enter “an email, an alias, a name, a phone number, a variety of different things, and immediately have information on your target. We can see interests, we can see who friends are, pictures, videos.”
The leaked list of targeted sites include ones from major tech companies, communication tools, sites focused around certain hobbies and interests, payment services, social networks, and more. The 30 companies the Mozilla Foundation is asking to block ShadowDragon scrapers are Amazon, Apple, BabyCentre, BlueSky, Discord, Duolingo, Etsy, Meta’s Facebook and Instagram, FlightAware, Github, Glassdoor, GoFundMe, Google, LinkedIn, Nextdoor, OnlyFans, Pinterest, Reddit, Snapchat, Strava, Substack, TikTok, Tinder, TripAdvisor, Twitch, Twitter, WhatsApp, Xbox, Yelp, and YouTube.
When 404 Media contacted a large number of companies mentioned in the leaked list, several said that scraping would violate their terms of service. Many did not reply.
When previously asked if ShadowDragon’s activity constitutes scraping, Sandy MacKay, VP of business operations at ShadowDragon, told 404 Media in an email that “ShadowDragon doesn’t log customer inquiries or the resulting data, so we can’t provide information that violates the privacy settings of individual account owners using these platforms, including data they’ve deleted.” In other words, the searches are performed live on sites when the ShadowDragon user requests it. That might arguably still violate some of the companies’ terms of use, however.
“Governments are using visible and invisible tactics to silence individuals speaking out against human rights abuse,” Nabiha Syed, the Mozilla Foundation’s executive director said in a statement. “Our job is to throw sunlight on these invisible tactics so that companies aren’t betraying consumer trust in data protection.”
News of the sites ShadowDragon targets came as the Trump administration plans to use AI to scan the social media profiles of foreign students that it believes support Hamas.
