Anyone deciding to download the free and open-source audio editor Audacity is being warned that the software may now be classified as spyware due to recent updates to its privacy policy. From a report: Audacity has been around for over 21 years and classes as the world's most popular audio editing software. On April 30, the Muse Group acquired Audacity with the promise that the software would "remain forever free and open source." However, as FOSS Post reports, last week the Audacity privacy policy page was updated and introduced a number of personal data collection clauses. The data collected includes OS version and name, user country based on IP address, the CPU being used, data related to Audacity error codes and crash reports, and finally "Data necessary for law enforcement, litigation and authorities' requests (if any)." The personal data collected can be shared with Muse Group employees, auditors, advisors, legal representatives and "similar agents," potential company buyers, and "any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, or (ii) to exercise, establish or defend our legal rights."
UPDATE: Ars Technica's Jim Salter disagrees, pointing out that "neither the privacy policy nor the in-app telemetry in question are actually in effect yet," and that the company now plans to self-host its telemetry sessions rather than using third-party libraries and hosting.

Facebook, Twitter, and Alphabet's Google have privately warned the Hong Kong government that they could stop offering their services in the city if authorities proceed with planned changes to data-protection laws that could make them liable for the malicious sharing of individuals' information online. From a report: A letter sent by an industry group that includes the internet firms said companies are concerned that the planned rules to address doxing could put their staff at risk of criminal investigations or prosecutions related to what the firms' users post online. Doxing refers to the practice of putting people's personal information online so they can be harassed by others. Hong Kong's Constitutional and Mainland Affairs Bureau in May proposed amendments to the city's data-protection laws that it said were needed to combat doxing, a practice that was prevalent during 2019 protests in the city. The proposals call for punishments of up to 1 million Hong Kong dollars, the equivalent of about $128,800, and up to five years' imprisonment. "The only way to avoid these sanctions for technology companies would be to refrain from investing and offering the services in Hong Kong," said the previously unreported June 25 letter [PDF] from the Singapore-based Asia Internet Coalition, which was reviewed by The Wall Street Journal.

An anonymous reader shares a report: If you receive emails flagged as spam or see a warning that a message might be a phishing attempt, it's a sign that your email provider is scanning your emails. The company may do that just to protect you from danger, but in some situations it can delve into your communications for other purposes, as well. Google announced that it would stop scanning Gmail users' email messages for ad targeting in 2017 -- but that doesn't mean it stopped scanning them altogether. Verizon didn't respond to requests for comments about Yahoo and AOL's current practices, but in 2018 the Wall Street Journal reported that both email providers were scanning emails for advertising. And Microsoft scans its Outlook users' emails for malicious content. Here's what major email providers say about why they currently scan users' messages.

Email providers can scan for spam and malicious links and attachments, often looking for patterns. [...] You may see lots of ads in your email inbox, but that doesn't necessarily mean your email provider is using the content of your messages to target you with marketing messages. For instance, like Google, Microsoft says that it refrains from using your email content for ad targeting. But it does target ads to consumers in Outlook, along with MSN, and other websites and apps. The data to do that come from partnering with third-party providers, plus your browsing activity and search history on Bing and Microsoft Edge, as well as information you've given the company, such as your gender, country, and date of birth.

[...] If you're using an email account provided by your employer, an administrator with qualifying credentials can typically access all your incoming and outgoing emails on that account, as well as any documents you create using your work account or that you receive in your work account. This allows companies to review emails as part of internal investigations and access their materials after an employee leaves the company. [...] Law enforcement can request access to emails, though warrants, court orders, or subpoenas may be required. Email providers may reject requests that don't satisfy applicable laws, and may narrow requests that ask for too much information. They may also object to producing information altogether.

Long-time Slashdot reader BigVig209 shares a Chicago Tribune report "on how suburban police departments in the Chicago area use license plate cameras as a crime-fighting tool." Critics of the cameras note that only a tiny percentage of the billions of plates photographed lead to an arrest, and that the cameras generally haven't been shown to prevent crime. More importantly they say the devices are unregulated, track innocent people and can be misused to invade drivers' privacy. The controversy comes as suburban police departments continue to expand the use of the cameras to combat rising crime. Law enforcement officials say they are taking steps to safeguard the data. But privacy advocates say the state should pass a law to ensure against improper use of a nationwide surveillance system operated by private companies.

Across the Chicago area, one survey by the nonprofit watchdog group Muckrock found 88 cameras used by more than two dozen police agencies. In response to a surge in shootings, after much delay, state police are taking steps to add the cameras to area expressways. In the northwest suburbs, Vernon Hills and Niles are among several departments that have added license plate cameras recently. The city of Chicago has ordered more than 200 cameras for its squad cars. In Indiana, the city of Hammond has taken steps to record nearly every vehicle that comes into town.

Not all police like the devices. In the southwest suburbs, Darien and La Grange had issues in years past with the cameras making false readings, and some officers stopped using them...

Homeowner associations may also tie their cameras into the systems, which is what led to the arrest in Vernon Hills. One of the leading sellers of such cameras, Vigilant Solutions, a part of Chicago-based Motorola Solutions, has collected billions of license plate numbers in its National Vehicle Location Service. The database shares information from thousands of police agencies, and can be used to find cars across the country... Then there is the potential for abuse by police. One investigation found that officers nationwide misused agency databases hundreds of times, to check on ex-girlfriends, romantic rivals, or perceived enemies. To address those concerns, 16 states have passed laws restricting the use of the cameras.
The article cites an EFF survey which found 99.5% of scanned plates weren't under suspicion — "and that police shared their data with an average of 160 other agencies."

"Two big concerns the American Civil Liberties Union has always had about the cameras are that the information can be used to track the movements of the general population, and often is sold by operators to third parties like credit and insurance companies."

An anonymous reader quotes a report from Apple Insider: Responding to comments made by Apple CEO Tim Cook in June, European Union competition chief Margrethe Vestager said that Apple shouldn't use privacy and security concerns to stifle competition on the App Store. Vestager, the European Commission's executive vice president, has proposed regulations that could force Apple to allow alternate app stores. Apple CEO Tim Cook spoke out against the proposal, stating that they could threaten the privacy and security of iOS.

In an interview with Reuters, Vestager agreed with Cook that privacy and security are important factors for consumers, but warned the Cupertino tech giant against using concerns about them to fend off competition. "I think privacy and security is of paramount importance to everyone," Vestager said. "The important thing here is, of course, that it's not a shield against competition, because I think customers will not give up neither security nor privacy if they use another app store or if they sideload." Vestager added that she was open to changes in her proposals, which need input from EU member states and lawmakers before it can become law. "I think that it is possible to find solutions to this," Vestager said.

The EU competition chief told Reuters that recent privacy changes to iOS, including App Tracking Transparency, aren't currently an antitrust target. In fact, she praised Apple's new privacy controls. "As I have said, I think actually several times, that it is a good thing when providers give us the service that we can easily set our preferences if we want to be tracked outside the use of an app or not as long as it's the same condition for everyone," Vestager added. "So far, we have no reason to believe that this is not the case for Apple."

An anonymous reader quotes a report from Ars Technica: Like most Internet-of-things (IoT) devices these days, Amazon's Echo Dot gives users a way to perform a factory reset so, as the corporate behemoth says, users can "remove any... personal content from the applicable device(s)" before selling or discarding them. But researchers have recently found that the digital bits that remain on these reset devices can be reassembled to retrieve a wealth of sensitive data, including passwords, locations, authentication tokens, and other sensitive data. Most IoT devices, the Echo Dot included, use NAND-based flash memory to store data. Like traditional hard drives, NAND -- which is short for the boolean operator "NOT AND" -- stores bits of data so they can be recalled later, but whereas hard drives write data to magnetic platters, NAND uses silicon chips. NAND is also less stable than hard drives because reading and writing to it produces bit errors that must be corrected using error-correcting code.

Researchers from Northeastern University bought 86 used devices on eBay and at flea markets over a span of 16 months. They first examined the purchased devices to see which ones had been factory reset and which hadn't. Their first surprise: 61 percent of them had not been reset. Without a reset, recovering the previous owners' Wi-Fi passwords, router MAC addresses, Amazon account credentials, and information about connected devices was a relatively easy process. The next surprise came when the researchers disassembled the devices and forensically examined the contents stored in their memory. "An adversary with physical access to such devices (e.g., purchasing a used one) can retrieve sensitive information such as Wi-Fi credentials, the physical location of (previous) owners, and cyber-physical devices (e.g., cameras, door locks)," the researchers wrote in a research paper. "We show that such information, including all previous passwords and tokens, remains on the flash memory, even after a factory reset."

After extracting the flash contents from their six new devices, the researchers used the Autospy forensic tool to search embedded multimedia card images. The researchers analyzed NAND dumps manually. They found the name of the Amazon account owner multiple times, along with the complete contents of the wpa_supplicant.conf file, which stores a list of networks the devices have previously connected to, along with the encryption key they used. Recovered log files also provided lots of personal information. After dumping and analyzing the recovered data, the researchers reassembled the devices. The researchers wrote: "Our assumption was, that the device would not require an additional setup when connected at a different location and Wi-Fi access point with a different MAC address. We confirmed that the device connected successfully, and we were able to issue voice commands to the device. When asked 'Alexa, Who am I?', the device would return the previous owner's name. The re-connection to the spoofed access point did not produce a notice in the Alexa app nor a notification by email. The requests are logged under 'Activity' in the Alexa app, but they can be deleted via voice commands. We were able to control smart home devices, query package delivery dates, create orders, get music lists and use the 'drop-in' feature. If a calendar or contact list was linked to the Amazon account, it was also possible to access it. The exact amount of functionality depends on the features and skills the previous owner had used." Furthermore, the researchers were able to find the rough location of the previous owner's address by asking questions about nearby restaurants, grocery stores, and public libraries. "In a few of the experiments, locations were accurate up to 150 meters," reports Ars.

An Amazon spokeswoman said: "The security of our devices is a top priority. We recommend customers deregister and factory reset their devices before reselling, recycling, or disposing of them. It is not possible to access Amazon account passwords or payment card information because that data is not stored on the device." The threats most likely apply to Fire TV, Fire Tablets, and other Amazon devices, as well as many other NAND-based devices that don't encrypt user data, including the Google Home Mini.

Europe's tech chief Margrethe Vestager on Friday warned iPhone maker Apple against using privacy and security concerns to fend off competition on its App Store, reasons CEO Tim Cook gave for not allowing users to install software from outside the Store. From a report: Vestager, who is also the European Commission's executive vice president, last year proposed rules called the Digital Markets Act (DMA) that would force Apple to open up its lucrative App Store so that users can download apps from the internet or third-party app stores in a practice known as side-loading. Cook, speaking at an event last month, said the proposal would destroy the security and privacy of iPhones. read more Vestager said she shares Cook's security concerns. "I think privacy and security is of paramount importance to everyone," Vestager told Reuters in an interview.

"The important thing here is, of course, that it's not a shield against competition, because I think customers will not give up neither security nor privacy if they use another app store or if they sideload," she said. Vestager indicated that she was open to changes in her proposal, which needs input from EU countries and EU lawmakers before it can become law. "I think that it is possible to find solutions to this," she said.

Russian spies accused of interfering in the 2016 U.S. presidential election have spent much of the past two years abusing virtual private networks (VPNs) to target hundreds of organizations worldwide, U.S. and British authorities said on Thursday. Reuters reports: The governments said in a joint advisory that Unit 26165, the arm of Russia's military spy agency whose officers were indicted for allegedly breaking into Democratic Party emails, had been using VPNs and Tor - a privacy-focused network - to conduct "widespread, distributed, and anonymized brute force access attempts against hundreds of government and private sector targets." The advisory did not identify any of the targets by name, saying only that they were mainly in the United States and Europe and included government offices, political parties, energy companies, law firms and media organizations. The National Security Agency (NSA) today also disclosed details of "brute force" methods they say have been used by Russian intelligence to try to break into the cloud services of hundreds of government agencies, energy companies and other organizations.

Earlier this week, law enforcement seized the servers and customer logs for DoubleVPN, a Russian-based VPN service that was reportedly used by cyber criminals to hide their activities while conducting ransomware attacks, phishing campaigns and other malicious hacking operations.

Financial services giant Intuit this week informed 1.4 million small businesses using its QuickBooks Online Payroll and Intuit Online Payroll products that their payroll information will be shared with big-three consumer credit bureau Equifax starting later this year unless customers opt out by the end of this month. Krebs On Security reports: Intuit says the change is tied to an "exciting" and "free" new service that will let millions of small business employees get easy access to employment and income verification services when they wish to apply for a loan or line of credit. "In early fall 2021, your QuickBooks Online Payroll subscription will include an automated income and employment verification service powered by The Work Number from Equifax," reads the Intuit email, which includes a link to the new Terms of Service. "Your employees may need to verify their income and employment info when applying for things like loans, credit, or public aid. Before, you likely had to manually provide this info to lenders, creditors or government agencies. These verifications will be automated by The Work Number, which helps employees get faster approvals and saves you time." An Intuit spokesperson clarified that the new service is not available through QuickBooks Online or to QuickBooks Online users as a whole. Intuit's FAQ on the changes is here.

"The way I read the terms, Equifax gets to proactively collect all payroll data just in case they need to share it later -- similar to how they already handle credit reporting," said Citrano, who is founder and CEO of Acquicent, a company that issues non-fungible tokens (NFTs). "And that feels like a disaster waiting to happen, especially given Equifax's history." In selling payroll data to Equifax, Intuit will be joining some of the world's largest payroll providers. For example, ADP -- the largest payroll software provider in the United States -- has long shared payroll data with Equifax. But Citrano said this move by Intuit will incorporate a large number of fairly small businesses. "ADP participates in some way already, but QuickBooks Online jumping on the bandwagon means a lot of employees of small to mid-sized businesses are going to be affected," he said. Why might small businesses want to think twice before entrusting Equifax with their payroll data? The answer is the company doesn't have a great track record of protecting that information. In 2017, Equifax had a massive data breach that exposed the personal and financial details of 145.5 million Americans.

If customers do not want this new service, they must update their preferences and opt-out by July 31, 2021. Otherwise, they'll be automatically opted in. You can opt out by signing in to QuickBooks Online Payroll, navigating to Payroll Settings, selecting the pencil and unchecking the box in the Shared data section, and saving your changes.

Primary care company One Medical has apologized after it sent out an email that exposed hundreds of customers' email addresses. From a report: The email sent out by One Medical on Wednesday asked to "verify your email," but one email seen by TechCrunch had more than 980 email addresses copied on the email. The cause: One Medical did not use the blind carbon copy (bcc:) field to mass email its customers, which would have hidden their email addresses from each other. Several customers took to Twitter to complain, but also express sympathy for what was quickly chalked up to an obvious mistake. Some users reported varying numbers of email addresses on the email that they received.

Apple executives have taken swipes at Google in the past over its privacy practices. But the iPhone maker trusts Google enough so that over the past year it has dramatically increased the amount of Apple user data it stores in Google's cloud, The Information reported [Editor's note: the link may be paywalled; alternative source], citing a person with direct knowledge of the matter. From the report: The increase cements Apple's status as the largest corporate client for Google's storage service, dwarfing other high-profile Google customers such as ByteDance and Spotify. As of mid-May, Apple was on track to spend around $300 million on Google cloud storage this year, which would represent an increase of roughly 50% from all of 2020, the person said. Inside Google's cloud unit, the person said, staffers have even given Apple a code name that hints at its size: Bigfoot.

The state of Maine now has the most stringent laws regulating government use of facial recognition in the country. The Verge reports: The new law prohibits government use of facial recognition except in specifically outlined situations, with the most broad exception being if police have probable cause that an unidentified person in an image committed a serious crime, or for proactive fraud prevention. Since Maine police will not have access to facial recognition, they will be able to ask the FBI and Maine Bureau of Motor Vehicles (BMV) to run these searches.

Crucially, the law plugs loopholes that police have used in the past to gain access to the technology, like informally asking other agencies or third parties to run backchannel searches for them. Logs of all facial recognition searches by the BMV must be created and are designated as public records. The only other state-wide facial recognition law was enacted by Washington in 2020, but many privacy advocates were dissatisfied with the specifics of the law. Maine's new law also gives citizens the ability to sue the state if they've been unlawfully targeted by facial recognition, which was notably absent from Washington's regulation. If facial recognition searches are performed illegally, they must be deleted and cannot be used as evidence. In response to this new law, the ACLU said: "Maine is showing the rest of the country what it looks like when we the people are in control of our civil rights and civil liberties, not tech companies that stand to profit from widespread government use of face surveillance technology."

An anonymous reader quotes a report from 9to5Google: SMS is widely regarded as an insecure form of two-factor authentication, and another example of this has just emerged. A carrier looks to be injecting ads into the Google verification code used to sign in to services like Gmail. Action Launcher developer Chris Lacy today tweeted how his Google verification code -- which starts with "G-" -- featured an "SMS AD." The advertisement -- for a VPN -- includes a quick message and short URL. For those that immediately suspect this is just a phishing attempt, the verification code is legitimate and was requested by Lacy to successfully verify a login attempt. Google Messages even flagged the link/message as spam. As such, Googlers responding to the thread suspect this is an occurrence of a carrier appending an ad -- note the extra spaces -- into a real text message. It's very unlikely that Google's security teams would allow advertising into a very crucial part of the login process where end user trust is paramount.

Google issued the following statement to us today: "These are not our ads and we are currently working with the wireless carrier to understand why this happened." Google confirms that the "SMS AD" did not originate from its own advertising network. Meanwhile, it's working with the wireless carrier in question to find out what occurred. Lacy has decided "not to state the carrier for privacy reasons," and Google did not share that information either.

Federal law enforcement agencies secretly seek the data of Microsoft customers thousands of times a year, according to congressional testimony Wednesday by a senior executive at the technology company. From a report: Tom Burt, Microsoft's corporate vice president for customer security and trust, told members of the House Judiciary Committee that federal law enforcement in recent years has been presenting the company with between 2,400 to 3,500 secrecy orders a year, or about seven to 10 a day. "Most shocking is just how routine secrecy orders have become when law enforcement targets an American's email, text messages or other sensitive data stored in the cloud," said Burt, describing the widespread clandestine surveillance as a major shift from historical norms.

The relationship between law enforcement and Big Tech has attracted fresh scrutiny in recent weeks with the revelation that Trump-era Justice Department prosecutors obtained as part of leak investigations phone records belonging not only to journalists but also to members of Congress and their staffers. Microsoft, for instance, was among the companies that turned over records under a court order, and because of a gag order, had to then wait more than two years before disclosing it.

Law enforcement has seized the servers and customer logs for DoubleVPN, a double-encryption service commonly used by threat actors to evade detection while performing malicious activities. BleepingComputer reports: DoubleVPN is a Russian-based VPN service that double-encrypts data sent through their service. When using the service, requests are encrypted and transmitted to one VPN server, which sends it to another VPN server, which finally connects to the final destination. The doublevpn.com [archive.org] website was seized today by law enforcement, who stated that they gained access to the servers for DoubleVPN and took personal information, logs, and statistics for the service's customers.

"On 29th of June 2021, law enforcement took down DoubleVPN. Law enforcement gained access to the servers of DoubleVPN and seized personal information, logs and statistics kept by DoubleVPN about all of its customers. DoubleVPN's owners failed to provide the services they promised," says the now-seized doublevpn.com website. "International law enforcement continues to work collectively against facilitators of cybercrime, wherever and however it is committed. The investigation regarding customer data of this network will continue." Europol has confirmed to BleepingComputer that the seizure message is legitimate and that they will be providing more information about the operation tomorrow.

A second massive LinkedIn breach reportedly exposes the data of 700M users, which is more than 92% of the total 756M users. The database is for sale on the dark web, with records including phone numbers, physical addresses, geolocation data, and inferred salaries. 9to5Mac reports: RestorePrivacy reports that the hacker appears to have misused the official LinkedIn API to download the data, the same method used in a similar breach back in April: "On June 22nd, a user of a popular hacker advertised data from 700 Million LinkedIn users for sale. The user of the forum posted up a sample of the data that includes 1 million LinkedIn users. We examined the sample and found it to contain the following information: Email Addresses; Full names; Phone numbers; Physical addresses; Geolocation records; LinkedIn username and profile URL; Personal and professional experience/background; Genders; and Other social media accounts and usernames."

With the previous breach, LinkedIn did confirm that the 500M records included data obtained from its servers, but claimed that more than one source was used. PrivacyShark notes that the company has issued a similar statement this time: "While we're still investigating this issue, our initial analysis indicates that the dataset includes information scraped from LinkedIn as well as information obtained from other sources. This was not a LinkedIn data breach and our investigation has determined that no private LinkedIn member data was exposed. Scraping data from LinkedIn is a violation of our Terms of Service and we are constantly working to ensure our members' privacy is protected."

Sridhar Ramaswamy and Vivek Raghunathan helped turn Google into an ad giant. Now they're starting over with a service whose only customers are its users. From a report: A new search engine? One that people have to pay to use? At first blush, it may seem like a textbook example of a startup idea destined never to get anywhere. By definition, any new search engine competes with Google, whose 90 percent-plus market share leaves little oxygen for other players. And we've been accustomed to getting our search for free since well before there was a Google -- which might make paying for it sound like being expected to purchase a phone book. But Neeva is indeed a new search engine, officially launching today, that carries a subscription fee.

Though it's extremely similar to Google in many respects -- with a few twists of its own -- it dumps the web giant's venerable ad-based business model in the interest of avoiding distractions, privacy quandaries, and other compromises. It's free for three months -- long enough for users to grow accustomed to it without obligation -- and $4.95 a month thereafter. Apps for iPhones and iPads, and browser extensions for Chrome, Firefox, Safari, Edge, and Brave, are part of the deal. Neeva may have a certain whiff of improbability about it, but its cofounders, Sridhar Ramaswamy and Vivek Raghunathan, are the furthest thing from naifs. Two long-time Google executives with more than a quarter-century of experience at the web giant between them, they have an insider's understanding of how it operates. Moreover, about 30 percent of the roughly 60-person staff they've assembled at Neeva consists of ex-Googlers, including Hall-of-Famers such as Udi Manber (a former head of Google search) and Darin Fisher (one of the inventors of Chrome). They've also secured $77.5 million in funding, including investments from venture-capital titans Greylock and Sequoia.

Abu Dhabi will use facial scanners to detect coronavirus infections at malls and airports starting Monday, after a trial of 20,000 people showed "a high degree of effectiveness." From a report: The technology can detect infections by measuring electromagnetic waves, which change when the RNA particles of the virus are present in the body, state-run WAM reported. The results showed 93.5 per cent sensitivity, reflecting the accuracy of identifying those infected. The scanner was developed by EDE Research Institute Abu Dhabi, a unit of International Holding. The United Arab Emirates, of which Abu Dhabi is part, has one of the world's highest vaccination rates, but daily new cases have continued to hover around 2,000 since March.

"Organizations are beginning to develop, design, and manage their own AI-powered voice assistant systems independent of platforms such as Siri and Alexa," reports VentureBeat: The transition is being driven by the desire to manage the entirety of the user experience and integrate voice assistance into multiple business processes and brand environments, from call centers to stores. In a recent survey of 500 IT and business decision-makers in the U.S., France, Germany, and the U.K., 28% of respondents said they were using voice technologies and 84% expect to be using them in the next year.

To support the evolution, the Linux Foundation launched the Open Voice Network (OVN), an alliance advocating for the adoption of open standards across voice assistant apps in automobiles, smartphones, smart home devices, and more. With founding members Target, Schwarz Gruppe, Wegmans Food Markets, Microsoft, Veritone, Deutsche Telekom, and others, the OVN's goal — much like Amazon's Voice Interoperability Initiative — is to standardize the development and use of voice assistant systems and conversational agents that use technologies including automatic speech recognition, natural language processing, advanced dialog management, and machine learning... It was first announced as the Open Voice Initiative in 2019, but expanded significantly as the COVID-19 pandemic spurred enterprises to embrace digital transformation.

"Voice is expected to be a primary interface to the digital world, connecting users to billions of sites, smart environments and AI bots ... Key to enabling enterprise adoption of these capabilities and consumer comfort and familiarity is the implementation of open standards," Mike Dolan, SVP and general manager of projects at the Linux Foundation, said in a statement. "The potential impact of voice on industries including commerce, transportation, healthcare, and entertainment is staggering and we're excited to bring it under the open governance model of the Linux foundation to grow the community and pave a way forward."
Besides a focus on standards and technology-sharing, the group plans to collaborate with existing industry associations on regulatory/legislative issues — including data privacy."

There are some big announcements on DuckDuckGo's blog at SpreadPrivacy.com:

• "Our apps have been downloaded more than 50 million times over the last 12 months, more than all prior years combined...

• "Spurred by the increase in DuckDuckGo app usage, over the last 12 months our monthly search traffic increased 55% and we grew to become the #2 search engine on mobile in many countries including in the U.S., Canada, Australia, and the Netherlands. (StatCounter/Wikipedia)."

• "We don't track our users so we can't say for sure how many we have, but based on market share estimates, download numbers, and national surveys, we believe there are between 70-100 million DuckDuckGo users."

• "We're excited to start rolling out additional privacy features to our all-in-one privacy bundle. In a few weeks, DuckDuckGo Email Protection will be available in beta which will give users more privacy without having to get a new inbox. Later this summer, app tracker blocking will be available in beta for Android devices, allowing users to block app trackers and providing more transparency on what's happening behind the scenes on their device. Before the end of the year, we also plan to release a brand-new desktop version of our existing mobile app which people can use as a primary browser."

They're now pulling in over $100 million a year in revenue, "giving us the financial resources to continue growing rapidly," and at the end of 2020 they also landed a "mainly secondary investment" of over $100 million from a long list of investors (which included Tim Berners-Lee as well as Freada Kapor Klein and Mitch Kapor).

One thing they're doing with their money is spreading the word about online privacy — by purchasing billboard, radio, and TV ads in 175 different markets across the U.S., with more marketing blitzes now planned soon for Europe and other countries around the world.