by Paul Arnote (parnote)
Assault On Your Privacy: Monthly Update
I'm changing the graphic for the monthly update on your privacy section, starting this month. With the vast majority of the privacy threats emanating from three principal countries hosting the threat actors (People's Republic of China, Russia, and North Korea), let's just "celebrate" their malfeasance to the rest of the world by displaying their flags.
According to an article on BleepingComputer, Mars Stealer malware has been spotted in the wild, delivered via OpenOffice ads on Google. The malware is a redesigned version of Oski malware that ceased development in 2020. This malware steals auto-fill information, browser extension data, credit cards, IP address, country code, and timezone. They were discovered when the Russian threat actor inadvertently infected themselves with the Mars Stealer malware during a debugging session. That inadvertent infection exposed the hacker's GitLab accounts, along with stolen credentials to pay for the Google Ads, according to Morphisec, who discovered the new threat. They also discovered that the information thieves are focused on stealing cryptocurrency assets.
North Korea exploited a recently uncovered remote code execution flaw in Google Chrome (imagine that) to target U.S.-based news media, IT, cryptocurrency, and financial-technology industries, according to an article on The Hacker News. The new vulnerability, CVE-2022-0609, is a[nother] "use after free" zero-day flaw discovered in the Chrome browser. The exploit kit, according to the Google TAG (Threat Analysis Group), is fashioned as a multi-stage infection chain that involves embedding the attack code within hidden internet frames on both compromised websites and rogue websites under the attackers' control.
In another article from The Hacker News, another unidentified threat agent has been spotted employing a "complex and powerful" malware loader, with the ultimate goal of deploying cryptomining malware on the infected computers. Dubbed "Verblecon," it uses polymorphic qualities to evade detection by security software.
A group of hackers, some of whom may be minors in the U.K. and the U.S., duped Apple and Facebook (Meta) into providing private customer data, according to an article on Bloomberg. That data included customer addresses, phone numbers, and IP addresses. Posing as law enforcement officials, the hackers sent forged "emergency data requests" to the companies, who then handed over the information. It is suspected that the hackers gained access to bona fide law enforcement computer systems, and thus actual emergency data requests. It's speculated that they then used those actual documents as a template to create their forged documents.
In the turn-about-is-fair-play department, a Ukrainian computer researcher struck back at one of the most formidable Russian ransomware gangs, according to an article from CNN. The article says the researcher "published the biggest leak ever of files and data from Conti, a syndicate of Russian and Eastern Europe cybercriminals wanted by the FBI for conducting attacks on hundreds of US organizations and causing millions of dollars in losses." The article continues, "The thousands of internal documents and communications include evidence that appears to suggest Conti operatives have contacts within the Russian government, including the FSB intelligence service. That supports a longstanding US allegation that Moscow has colluded with cybercriminals for strategic advantage."
Check Point Research recently discovered six "antivirus" apps in the Google Play store that were caught red-handed stealing banking information and credentials from users, according to an article on Laptop Mag. The six malicious apps CPR spotted included "Atom Clean-Booster, Antivirus," "Antivirus, Super Cleaner," "Alpha Antivirus, Cleaner," "Powerful Cleaner, Antivirus," and "Center Security - Antivirus." Google has since removed these apps from the Google Play store. If you have one of these apps installed on your mobile device, it would be best to remove it yesterday.
If you use Google Chrome (or one of its Chromium-based "siblings"), you may want to make sure you are running updates REGULARLY. Like, every other day or so. Over the past month, I've read about two to three new Google Chrome browser vulnerabilities each week. In fact, there are way too many to list here and do so accurately. So, the best defense is a strong offense. Be proactive, not reactive. If you continue to use the Google Chrome browser as your daily driver browser, run updates frequently to keep your data/information as safe as it deserves.
Mozilla's Vision For The Evolution Of The Web
I admit it. I'm a diehard Firefox fan. I like how Mozilla approached the browser, and the steps it takes to keep its users safe from the assorted riff-raff out there on the interwebs. I like Mozilla's philosophy. I've been a Firefox user since its earliest days, and have remained a faithful user ever since. Nothing else quite feels "like home" to me as I'm browsing the web as it does when I'm using Firefox.
Well, if Mozilla had their way (and I hope they do), the web would be a much safer place for all users. Mozilla holds to their goals expressed in the Mozilla Manifesto. They put out their mission statement for all to see. They invite everyone to participate, to have a seat at the table, if you will.
They have even gone so far as to publish their vision for the continued evolution of the web. In a nutshell, they want to build an internet that has openness, agency, safety, privacy, security, performance, and user control at the core of web principles.
I wish them well and much success in their efforts. Know that they have my full support, as they most likely have broad support from all around the world and from many different corners of our human existence.
At the very least, it's a good, refreshing read, and well worth your time.
First Ever Eco-Certified Computer Program: KDE's Popular PDF Reader Okular
Okular, KDE's popular multi-platform PDF reader and universal document viewer, has officially been recognized for sustainable software design as reflected in the recent award criteria for software eco-certification. In February 2022 Okular was awarded the Blue Angel ecolabel, the official environmental label awarded by the German government. Introduced in 1978, Blue Angel is the world's earliest established environmental label, and Okular is the first software product to be certified with its seal. What is more, Okular is the first ever eco-certified computer program within the 30 organizations of the Global Ecolabelling Network! This network, of which Blue Angel is a member, represents over 50 countries.
You can read more about the award here.
Increase Privacy With Brave Browser
Out of the gates, Brave browser is much better about guarding your privacy than Google Chrome, despite having similar DNA as the Google Chrome browser. BUT, you can make Brave help protect your privacy even more.
You can change what appears on your default home screen in Brave, prevent it from calling home (ever), control what information is shared with the websites you visit, block social media tracking, and lots more.
For the full rundown on making the tweaks to the Brave browser, head on over to the article on Lifehacker, and follow the steps laid out there.
DuckDuckGo Removes Pirate Sites, Youtube-dl From Search Results
Reprinted from TorrentFreak under CC-SA-3.0 license. April 15, 2022.
Privacy-centered search engine DuckDuckGo has completely removed the search results for many popular pirate sites including The Pirate Bay, 1337x, and Fmovies. Several YouTube ripping services have disappeared, too, and even the homepage of the open-source software youtube-mp3 is unfindable.
Launched in 2008, search engine DuckDuckGo is a go-to service for Internet users who value their privacy.
Unlike many competitors, the site doesn't keep a record of users' IP addresses or other sensitive information.
In recent years, the site also stood out by returning cleaner results than competitors such as Google, which actively alters its algorithms to downrank pirate sites. At one point, Google even pointed users to DuckDuckGo when they searched for Pirate Bay proxies.
DuckDuckGo Fears Liability
The privacy-focused search engine is not immune to potential copyright issues, however. This first became apparent when it removed several search shortcuts for 'pirate' sites. These "bangs", as they are called, were seen as a potential copyright infringement liability.
"We operate globally, as do bangs, and products that actively facilitate interaction with illegal content can have us and our employees face significant legal liability, and jeopardizing the entire service," DuckDuckBang's Tagawa explained.
DuckDuckGo ended up removing roughly 2,000 bangs for popular sites including The Pirate Bay, 1337x, and RARBG. At the time, the search engine stressed that these sites were still listed in search results. However, that appears to have changed now.
Pirate Domains are Deindexed?
When doing some research earlier today we noticed that several popular pirate sites were no longer showing up in DuckDuckGo's results globally. Initially, we thought that some popular pages had been removed following DMCA takedown notices, but there is clearly more going on than that.
Update April 17: DuckDuckGo informs us that no domains were removed but they are having some issues and we still have questions. More details are at the bottom of the article.
For example, searching for "site:thepiratebay.org" is supposed to return all results DuckDuckGo has indexed for The Pirate Bay's main domain name. In this case, there are none.
The lack of results is not tied to a specific country and manually fiddling with the region settings didn't change anything either. Apparently, DuckDuckGo has simply removed all thepiratebay.org URLs from its index.
This whole-site removal isn't limited to The Pirate Bay either. When we do similar searches for 1337x.to, Fmovies.to, Lookmovie.io, and 123moviesfree.net, no results appear. For RarBG.to and Fitgirl-repacks we only get one result, instead of the hundreds of thousands we see on other search engines.
The absence of results doesn't only apply to pirate sites themselves. For example, there are no results for the streaming portals Flixtor and Primewire. In addition, the associated status pages, which merely include links to the official domains, are not indexed either.
Even several popular stream-rippers have been completely wiped from the search results. That includes 2conv.com, Flvto.bid, and several others.
The most surprising omission, by far, is that the official site for the open-source software youtube-dl is not indexed by DuckDuckGo. This site certainly doesn't host or link to any copyright-infringing material.
The youtube-dl code repository was previously removed from GitHub, following a takedown notice sent by the RIAA. After looking more closely at the matter, GitHub eventually restored it.
We don't know why the official youtube-dl.org website is not in DuckDuckGo's search results, but at least the official GitHub repository is still findable.
TorrentFreak reached out to DuckDuckGo to discover why these domain names are not showing up in its search results. At the time of publication, we have yet to hear back. It wouldn't be a surprise if the move is copyright-related, though.
A few months ago, Google also started to remove several pirate site domains from its search results. However, in Google's case, these delistings are regional and linked to ISP blocking orders.
It's worth pointing out that many pirate sites are still findable in DuckDuckGo. However, the search engine could certainly provide some transparency to help clear up what's happening exactly.
Rightsholders will be happy to see that pirate sites are removed from DuckDuckGo, but it's not without risks for users. While seasoned pirates can probably still locate the sites in question, more shady knockoff sites will now appear higher in its search results.
Update April 17: DuckDuckGo has responded to our findings and says that no domains were removed, according to their records.
Before publishing the article we searched for YouTube-dl and The Pirate Bay without the "site:" operator, and the official domains were not showing up at our end. They do now.
DuckDuckGo's statement below seems to contradict our initial findings, however.
"After looking into this, our records indicate that YouTube-dl and The Pirate Bay were not removed from our search results when you searched for them directly by name or URL -- as you noted in your piece. This is how the vast majority of people navigate to a page."
"As our CEO & Founder shared in this tweet, we are having issues with our site: operator, and not just for these sites, but now at least the official site should be coming up for people when they use the site: operator for them."
Interestingly, both YouTube-dl and Thepiratebay.org still don't show up on Bing. We asked DuckDuckGo whether this could be related to Bing data they use and will update this article if we hear back (see update 2 below).
Also, there are other "pirate" sites that we didn't mention in the original article that are still unfindable in DuckDuckGo.
For example, YTMP3.cc, which is one of the most popular YouTube rippers with millions of monthly visitors. According to the "site:" operator there are 0 results indexed. And searching for YTMP3.cc or YTMP3 doesn't bring up the site either. Google has no trouble finding this domain (but Bing does).
Or what about the torrent site Prostylex.org? According to the "site:" operator there are zero results indexed and searching for Prostylex.org or Prostylex doesn't bring up the official site either. Again, the domain is findable in Google.
We don't doubt that DuckDuckGo hasn't intentionally removed any URLs but there still appear to be strange issues with pirate-related searches.
Update 2: A DuckDuckGo spokesperson confirmed to TorrentFreak that the issues are related to Bing data.
Update April 18: The unfindable domains we pointed out in the update are back now as well, after we informed DuckDuckGo about the issue.
Then, on April 19, TorrentFreak wrote a follow-up article.
Last week we noticed that several high-profile "pirate" sites were unfindable in DuckDuckGo's search results. It wasn't clear why these domains had been 'removed' but after some back and forth, Bing is now mentioned as the culprit. DuckDuckGo is working hard to mitigate the problem, which is more widespread than we initially reported.
It's not a secret that Google and Bing are tweaking their search results to accommodate copyright holders.
However, it was a surprise to see that pirate and related sites also started to disappear from DuckDuckGo, as we reported last week.
An initial review revealed that the official domains for sites such as The Pirate Bay, Fmovies, and YouTube-DL were no longer showing up. This led us to conclude that they had been removed for some reason or another.
DuckDuckGo didn't immediately respond to our findings but after two days DuckDuckGo founder and CEO Gabriel Weinberg reacted on Twitter.
According to Weinberg, the search engine never removed anything. Instead, the problems were attributed to the "site:" search operator we used as an example in our article. Apparently, that is broken.
"We are not 'purging' YouTube-dl or The Pirate Bay and they both have actually been continuously available in our results if you search for them by name (which most people do). Our site: operator (which hardly anyone uses) is having issues which we are looking into," Weinberg wrote.
These comments suggest that our coverage was wrong. However, that's not the full picture, far from it.
When we wrote our article, we didn't only use the "site:" operator. We also searched for keywords directly, without the domain names showing up. This means that the sites were unfindable for another reason.
Coinciding with the tweets from DuckDuckGo's CEO, several of the domains we listed in our article started to reappear in the search engine. The Pirate Bay homepage reappeared, and the same applies to YouTube-DL and Fmovies, even when we use the 'broken' "site:" operator.
These restorations supported the suggestion that this was merely a temporary technical issue. However, it wasn't hard to find other examples of domains that were still unfindable.
On Sunday, we updated our article to add that YTMP3.cc and Prostylex were not appearing in search results; a few hours later these reappeared as well.
While we were amazed by this magical superpower that allows us to revive websites by simply mentioning them, someone else was pulling the strings. Behind the scenes, DuckDuckGo was working hard to restore sites that were mentioned in the media.
At this point, it became clear that the search engine wasn't at all happy with what was happening. They never actively removed any of these sites. Instead, a third-party data provider 'removed' the results for them.
Like many other smaller search engines, DuckDuckGo uses hundreds of data sources, including Bing. After some back and forths, DuckDuckGo's spokesperson informed us that Microsoft's search engine was the culprit.
"Yes, this is related to using data from Bing," DuckDuckGo's Senior Communications Manager Allison Goodman said.
Goodman also asked us to share a list of additional sites that were affected, so they could look into these. And indeed, a few hours after we sent over more affected domains such as 1fichier.com, 2embed.ru, and torrentgalaxy.com, these were restored as well.
It's understandable that DuckDuckGo wasn't happy with the coverage. However, the problem was real. And since it's emanating from Bing, other smaller search engines that rely on that data may be affected as well.
"Since these occurrences originated on Bing, they were passed down to our results, as well as other Bing syndication partners," Goodman clarifies.
For DuckDuckGo, it may be tricky to resolve the issue permanently as long as it relies on Bing. Aside from the potential legal implications of actively restoring pirate sites, there are dozens, if not hundreds of other domains that are still unfindable.
We don't intend to keep hammering on this but, at the time of writing, the streaming service gimy.app is not showing up in the search results.
Inaccurate DMCA Removals?
While looking into these issues, we noticed that Bing also affects DuckDuckGo in other ways. From what we can see, the DMCA removals also spill over, including the inaccurate ones.
For example, some news articles from TorrentFreak are not available in Bing, presumably due to takedown requests. That includes this news report about a leaked Game of Thrones episode.
A few weeks ago Warner Bros. asked Google to remove this article. Google refused to do so, but it looks like Bing complied as the article is unfindable there. When we search for the title or even the URL, it's not there.
The same applies to DuckDuckGo, where the article is not listed. Instead, the top hit is a copy of our reporting. In Google's search results our news article is the first result, as expected.
All in all, we want to emphasize that these issues are not caused by DuckDuckGo, which has been trying hard to mitigate the problem. However, the issues do exist and it is clearly more than a broken search functionality.