The National Design Studio, staffed by DOGE veterans, installed visitor-tracking software on vital federal websites

An opaque White House office staffed largely by veterans of Elon Musk’s “department of government efficiency” (DOGE) has quietly rebuilt some of the federal government’s most sensitive websites – for passport applications, voter registration, prescription-drug pricing and children’s savings – in ways critics say appear to violate federal law.

A Guardian investigation has found the office has apparently been developing or redeveloping sensitive federal websites, including those connecting Americans with prescription drugs, children’s savings accounts, passports and voter registration. The investigation corroborates and advances earlier reporting by the Drey Dossier, a YouTube investigative outlet.

The NDS built and now operates four public federal websites: ndstudio.gov, trumprx.gov, realfood.gov and trumpaccounts.gov. All four ran commercial visitor-tracking software, configured to evade the privacy tools many web users install, and none carry the public filings federal privacy law requires under laws including the Privacy Act of 1974 and the E-Government Act of 2002.

  • TryingToBeGood@reddthat.com
    link
    fedilink
    arrow-up
    0
    ·
    3 days ago

    Even the regular government websites, never very robust to begin with, are worse under these dimwits. Parts of the FDA site regularly go down. (Am a legal analyst who goes through a couple dozen government websites every day.)

  • dan@upvote.au
    link
    fedilink
    arrow-up
    0
    ·
    3 days ago

    I haven’t watched the source video yet, but software like Google Analytics and PostHog is very commonly used for analytics purposes. I’d argue that PostHog (which is what the government used) is better than Google Analytics because it’s open-source (except for enterprise features) and you can self-host it.

    Website source code shows that PostHog has been configured on NDS-run sites to route analytics requests through an address on the federal website itself, rather than through PostHog’s own servers. Because the request appears to go to the site the user is already visiting, rather than to a recognisable third-party address, adblockers don’t flag it.

    The article makes this sound malicious, but this is just standard behaviour when you self-host something. It’s running on your server, so it’s at your own domain name.

    • Marty_TF@lemmy.zip
      link
      fedilink
      arrow-up
      0
      ·
      3 days ago

      ur missing the point on how all those gov websites are now no longer under their respective committee or whatever, but under the prrsident without oversight and regulation.

  • boydster@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    0
    ·
    3 days ago

    Hat’s off to The Drey Dossier for being way out in front of this story, and super glad to see it on more mainstream news

    • mayabuttreeks@lemmy.ca
      link
      fedilink
      arrow-up
      0
      ·
      3 days ago

      Right?? I saw the headline and clicked immediately hoping to see her credited; good on the Guardian for putting more eyes on this.