A growing number of anonymous X users have reported discovering through Google Trends that their full legal names, which they never disclosed publicly online, were being searched from Israel shortly after they posted criticism of Israel's military actions. The reports, documented in a MintPress News investigation published this week, span users from different countries and political backgrounds, all sharing one commonality: they had criticized Israel on the platform. One user reported their full legal name, including middle name, had been searched from Israel 11 times in a single day, while another claimed their name was searched 100 times after posting content related to the Jeffrey Epstein case.
The controversy has placed renewed scrutiny on Au10tix, the Israeli identity verification company that X has used to process user identity documents since 2020. Au10tix, founded in 2002 as the technological arm of ICTS International, a Dutch-registered security company established in 1982 by former members of Shin Bet, Israel's domestic intelligence agency, and former security officials of the Israeli airline El Al. The company, headquartered operationally in Hod HaSharon, Israel, requires X users seeking premium verification to upload a government-issued photo ID and a selfie, which are then transmitted to Au10tix for biometric processing.
Multiple Au10tix employees have confirmed backgrounds in Unit 8200, Israel's signals intelligence unit equivalent to the US National Security Agency, which provides approximately 90 percent of Israel's intelligence material. According to publicly available LinkedIn profiles, former Unit 8200 personnel occupy roles ranging from developer to analytics manager at the company. Unit 8200 alumni have also founded controversial surveillance firms including NSO Group, creator of the Pegasus spyware. Au10tix has stated that it is committed to international privacy standards and does not transfer details to any third party.
The privacy concerns are compounded by a major data breach revealed in June 2024 by 404 Media. Infostealer malware on an Au10tix employee's computer harvested administrator credentials in December 2022, and those credentials were posted to a Telegram channel in March 2023. Security researchers discovered the credentials were still functional 18 months later, potentially exposing the full names, dates of birth, nationalities, identification numbers, and facial scans of users across Au10tix's client base, which also included TikTok, Uber, LinkedIn, and Coinbase. The Electronic Frontier Foundation warned that identity verification systems are fundamentally surveillance systems and that such breaches can lead to identity theft, blackmail, or the loss of anonymity.
The timing of the reports is particularly sensitive, coming approximately one week after the United States and Israel launched coordinated military strikes against Iran on February 28. The European Union, United Kingdom, and European Economic Area are excluded from X's Au10tix-based verification program, almost certainly because the General Data Protection Regulation prohibits sending biometric data to third-party companies under such conditions. X began a partial transition to the payment processor Stripe for US-based verification in June 2024 after owner Elon Musk acknowledged user complaints, but the company continues to use a multi-vendor approach that includes Au10tix. Experts have cautioned that Google Trends data has known sampling limitations that can produce misleading results for low-volume searches in small regions, meaning the evidence, while visible on the platform, does not definitively prove systematic surveillance.
Comments