Privacy Roundup: Week 13 of Year 2025

This is a news item roundup of privacy or privacy-related news items for 23 MAR 2025 – 29 MAR 2025. Information and summaries provided here are as-is for warranty purposes.

Note: You may see some traditional “security” content mixed in here due to the close relationship between online privacy and cybersecurity – many things may overlap; for example, major vulnerabilities in popular software, which may compromise the security of users’ devices (and therefore pose a threat to their privacy), and large data breaches where significant personal information is exposed.

Items presented here are typically curated with the end user and small groups (such as families and small/micro businesses) in mind. Due to this focus, items primarily affecting enterprises or large organizations may not be included, even if they are widespread or “popular” stories.

You can get immediate notification of when this series is published (every Monday) by subscribing to the RSS feed or signing up for the newsletter.

Privacy Tip of the Week

Using a private search engine is a good way to begin improving your privacy. Private search engines generally avoid connecting users to their searches.

Surveillance Tech in the News

This section covers surveillance technology and methods in the news. Specifically, stories and news items where public and/or private organizations have leveraged their capabilities to encroach on user privacy; for example, data brokers using underhanded means to harvest user location data without user knowledge or public organizations using technology without regard for user privacy.

Madison Square Garden’s surveillance system banned this fan over his T-shirt design

The Verge

This pretty much boils down to a company leveraging data aggregation (whether first-party or third-party, but likely both) to ban a guy for life from its venues. In other words, based on data it had on this individual, the company determined it does not want him on its properties, even though he himself had never “done anything” on its properties.

Privacy Tools and Services

Primarily covers tools and services with a focus on maintaining/improving/respecting user privacy. Generally includes recommended services/tools found on avoidthehack, but also may feature upcoming/other privacy services not necessarily recommended or promoted by avoidthehack.com.

Privacy Tools

“MyTerms” wants to become the new way we dictate our privacy on the web

ArsTechnica

“MyTerms” (draft standard IEEE P7012) is a proposed standard for machine-readable personal privacy terms. Generally speaking, you as the user could preset a “contract” for web properties you visit that informs the website which information you will and will not offer for access to content/services. The website will presumably be able to 1) work with that contract, 2) modify (or serve up an alternate version of) itself to meet the user terms, and/or 3) tell you it can’t meet the terms of the contract.

This is a large departure from things like Do Not Track (DNT) – DNT is a request sent via HTTP header that the website does not have to follow or even acknowledge. MyTerms is designed to be a demand versus a request.

Privacy Without Compromise: Proton VPN is Now Built Into Vivaldi

Vivaldi

Vivaldi integrates ProtonVPN natively into its desktop version of its browser.

A smarter VPN experience: Introducing the Mozilla VPN extension for Windows

Mozilla

Mozilla releases a VPN extension for its VPN service that supposedly lets users choose which websites to enable/disable VPN or choose a different VPN server location. As of writing, this extension is for Firefox (or Gecko-based) installations on Windows.

Organic Maps update improves user navigation experience

AlternativeTo

Organic Maps, an alternative to Apple Maps and Google Maps, has introduced split screen mode, enhanced routing algorithms for cyclists, individual track sharing, and flexible route planning.

Messaging editing, deletion and saving now available

Deltachat blog

Deltachat has rolled out the ability for users to:

  • forward messages
  • edit and delete messages
  • sync messages across devices
  • save messages

Pale Moon browser now accessible via Microsoft Store

AlternativeTo

The Pale Moon browser is now available on the Microsoft Store. The browser also recently released version 33.6.1, which focuses on security and bug fixes.

Privacy Services

Ente Photos v1

ente blog

Ente has released version 1.0 of its photos app.

Proton Drive and Docs now support collaboration with users without Proton accounts

Proton

Proton users can now collaborate on documents with anyone — including those without Proton accounts.

Successful security assessment of our Android app

Mullvad

Mullvad’s Android app has successfully passed the Mobile Application Security Assessment (MASA), conducted by NCC Group.

Multihop now available on Android

Mullvad

Mullvad has introduced its server multihop feature to its Android client.

DAITA version 2 now available on all platforms

Mullvad

Mullvad has rolled out version 2 of their “Defense Against AI-guided Traffic Analysis” (DAITA) model. Version 2 reduces traffic overhead and introduces dynamic configurations varying VPN tunnel characteristics.

Vulnerabilities and Malware

Primarily includes severe and exploited vulnerabilities in devices or software used by end users (ex: a major router firmware flaw). Malware campaigns covered generally target/affect the end user.

This section will not contain every vulnerability/CVE or malware campaign reported, but will focus on those with the largest potential impact on a wide range of end users.

Vulnerabilities

Google Chrome Zero-day Vulnerability Exploited in the Wild (CVE-2025-2783)

Qualys

Researchers at Qualys have discovered an actively exploited zero-day in Chromium. Tracked as CVE-2025-2783, this vulnerability, when exploited, could allow attackers to bypass Chromium’s sandbox. Google has addressed this vulnerability in version 134.0.6998.177/.178 for Windows.

This vulnerability is not limited to Chrome: it affects all Chromium-based browsers, which includes users running a Chromium fork (popular browsers such as Brave and Vivaldi, among others).

Mozilla patches Firefox bug ‘exploited in the wild,’ similar to bug attacking Chrome

TechCrunch

Firefox version 136.0.4 fixes a vulnerability, tracked as CVE-2025-2857, that when exploited could lead to a sandbox escape. This vulnerability was exploited in the wild and only affects Firefox on Windows.

Note: This vulnerability is similar to a sandbox escape (CVE-2025-2783) for Chrome.

New Ubuntu Linux security bypasses require manual mitigations

Bleeping Computer

Three security bypass vulnerabilities have been discovered in Ubuntu’s unprivileged user namespace restrictions. A local unprivileged user can create user namespaces with full administrative privileges. The local attacker could then exploit vulnerabilities in various kernel components.

Malware

Microsoft Trusted Signing service abused to code-sign malware

Bleeping Computer

Threat actors are abusing the Microsoft cloud service Trusted Signing…

*** This is a Security Bloggers Network syndicated blog from Avoid The Hack! authored by Avoid The Hack!. Read the original post at: https://avoidthehack.com/privacy-week13-2025