Meta must change its surveillance advertising model.
Until they do so, you can use your legal right to object to targeted adverts based on your personal data.
Use our tool to make this request (UK residents) and take control of your privacy
Act Now to #StopStalkerAds
To stop Meta from using the migrant crisis as a marketplace to line their pockets, ORG calls for:
A clear and explicit OPT-IN for targeted advertising.
Full transparency on how ads are targeted in Meta's public ad library.
Proper resourcing for pre-publication ad moderation — to catch fraud and harmful content before it reaches users.
Previous research funded by the Scottish Institute for Policing Research found that Meta’s profiling tools allowed the UK Home Office to build ‘patchwork profiles’ of likely refugees.
This stitches together interests, behaviours and language categories to target them with scare campaigns.
Meta’s profiling and microtargeting means it profits from all aspects of the global migrant crisis.
Its vast surveillance-based infrastructure is also being used by the UK Home Office to target refugees with fear-based advertising to deter people from crossing the Channel in small boats.
Either way, Meta profits from stalker ads
Meta harvests personal data to track users' behaviour and make assumptions about them, so it can sell targeted adverts.
Surveillance-based advertising conceals a predatory marketplace behind a facade of personalisation.
This is being weaponised to deceive, divide and inflict harm, simply by disguising criminal adverts behind harmless-looking pages.
ORG's report shows that Facebook pages disguised as gaming communities are being used to target migrants with illegal services.
These findings expose a stark reality:
Even after public scandal and media scrutiny, Meta's systems are still enabling fraudsters to prey on migrants.
NEW: ORG investigation reveals Meta enables vulnerable people to be targeted with disinformation and fraudulent ads.
With ads offering fake identity documents still running on Facebook, Meta is profiting from the global migrant crisis.
Read more about our report on Meta's surveillance capitalism advertising model
https://www.openrightsgroup.org/press-releases/new-report-how-meta-is-monetising-the-migrant-crisis/
AYFKM?!!?
#DOGE assigned to work at agency where it illegally removed data
The ad hoc Department of Govt Efficiency team is assigning 2 staffers to work at the independent agency where a #whistleblower alleged Tues DOGE may have already removed sensitive #labor #data from its systems.
Just 1 day after #NPR reported on the disclosure filed by whistleblower Daniel #Berulis, DOGE reps visited NLRB’s office in DC for a meeting.
#law #NationalSecurity #InfoSec #Trump #Musk
https://www.npr.org/2025/04/16/nx-s1-5366851/doge-nlrb-whistleblower-musk-data
Beluris came to that conclusion…after he saw a traffic spike in DNS requests parallel to the #data being exfiltrated, a spike 1,000 times the normal number of requests.
When someone uses this technique, they set up a domain name that pings the target system w/questions or queries. But they configure the compromised server so that it answers those DNS queries by sending out packets of data, allowing the attacker to steal info that has been broken down into smaller chunks.
While investigating the #data taken from #NLRB, Berulis tried to determine its ultimate destination. But whoever had exfiltrated it had disguised its destination too….
#DOGE staffers had permission to access the system, but removing data is another matter.
Berulis says someone appeared to be doing something called DNS tunneling to prevent the data exfiltration from being detected.
Berulis noticed 5 PowerShell downloads…, a task automation program that would allow engineers to run automated commands. There were several code libraries that got his attention—tools that appeared to be designed to automate & mask #data exfiltration. There was a tool to generate a seemingly endless number of IP addresses called "requests-ip-rotator," & a commonly used automation tool for web developers called "browserless" — both repositories starred or favorited by Wick, the #DOGE engineer….
In fact, when they looked into the spike, they found that logs that were used to monitor outbound traffic from the system were absent. Some actions taken on the network, including #data exfiltration, had no attribution—except to a "deleted account," he continued. "Nobody knows who deleted the logs or how they could have gone missing," Berulis said.
For #cybersecurity experts, that spike in #data leaving the system is a key indicator of a #breach, Berulis explained.
When Berulis asked his IT colleagues whether they knew why the data was exfiltrated or whether anyone else had been using containers to run code on the system in recent weeks, no one knew anything about it or the other unusual activities on the network….
Regardless, that kind of spike is extremely unusual, …because #data almost never directly leaves from the #NLRB's databases. In his disclosure, Berulis shared a screenshot tracking data entering and exiting the system, & there's only one noticeable spike of data going out. He also confirmed that no one at the NLRB had been saving backup files that week or migrating data for any projects.
From what he could see, the #data leaving, almost all text files, added up to around 10GB…. It's a sizable chunk of the total data in the #NLRB sys, though the agency itself hosts over 10TB in historical data. It's unclear which files were copied & removed or whether they were consolidated & compressed, which could mean even more data was exfiltrated. It's also possible that #DOGE ran queries looking for specific files…& took only what it was looking for….
On its own, that wouldn't be suspicious, though it did allow the engineers to work invisibly & left no trace of its activities once it was removed.
Then, Berulis started tracking sensitive #data leaving the places it's meant to live…. First, he saw a chunk of data exiting the NxGen case management system's "nucleus," inside the #NLRB system, Berulis explained. Then, he saw a large spike in outbound traffic leaving the network itself.
…while many of the #NLRB's records are eventually made public, the NxGen case management system hosts #proprietary #data from #corporate competitors, personal information about #union members or employees voting to join a union, & #witness testimony in ongoing cases. Access to that data is protected by numerous federal #laws, including the #Privacy Act.