A White House office called the National Design Studio (NDS) has been rebuilding several sensitive federal websites, using tracking methods that raise privacy concerns. The office is staffed largely by veterans of the Department of Government Efficiency (Doge) and was created by a Donald Trump executive order in August 2025.
According to The Guardian, NDS has been operating with little public visibility, taking over or building portals for services including passport applications, voter registration, children’s savings accounts, and prescription drug pricing.
Sites linked to NDS, including ndstudio.gov, trumprx.gov, realfood.gov, and trumpaccounts.gov, were reportedly running PostHog, a commercial visitor-tracking tool. The software was configured to bypass privacy tools that many people use to protect themselves online.
Tracking code routed through federal sites to avoid detection by adblockers
The tracking code was set up to send data through the federal website itself, making the traffic look like ordinary site activity to adblockers. According to PostHog’s own documentation, this method works because adblockers have not identified or cataloged the setup, so they don’t know what to block.
The tracking went beyond basic analytics. The sites reportedly included a session-recording feature capable of logging every click, scroll, and keystroke made by a visitor. The tracking was active on two of the sites, while it remained switched off on the others through a single setting that NDS could turn on at any time. NDS reportedly removed the tracking software shortly after questions were raised on June 4.
None of the NDS sites contains the public filings required under federal laws such as the Privacy Act of 1974 and the E-Government Act of 2002. There are no privacy impact assessments explaining what data is collected or where it goes. NDS also does not appear in any federal contracting database, leaving its funding sources and the parties paying for its developers and tools unclear.
One of the most sensitive projects connected to NDS is a copy of vote.gov. By law, the official voter-registration site is run by an independent, bipartisan commission, a structure meant to keep the presidency from controlling the system. NDS reportedly built a version of the site that runs on White House-controlled systems, which could allow the administration to see who is registering to vote in the weeks before an election.
Questions about election security have also surfaced elsewhere, including delays in releasing a voting machine vulnerability report ahead of the midterms. The Election Assistance Commission said it is not familiar with the NDS domains and that the project has been paused.
John Davisson, senior counsel at the Electronic Privacy Information Center, described the situation as a “second skunk-works version of the federal government” operating outside normal privacy laws. The lack of transparency around NDS’s funding echoes other disputes over White House spending, such as conflicting accounts of who paid for a White House walkway project.
Published: Jun 30, 2026 09:17 am