Facebook stands to lose the most, but Google is more likely to lose: That's the consensus of experts Axios asked to rank the threats the two tech giants face as five separate major antitrust lawsuits bear down on them, Axios' Margaret Harding McGill, Ashley Gold and Kyle Daly report.

Why it matters: A loss for Facebook or Google in any of the cases could force deep changes in how Silicon Valley does business — and even lead to a court-ordered breakup.

Here's your crib sheet for the cases.

DOJ vs. Google: The Justice Department, which went first in October, says Google sealed its dominance in online search in part using exclusive contracts to lock in its position as the default on browsers and mobile devices.

• Outlook: The DOJ suit is the most cautious and perhaps most nailed-down of the bunch. It targets a set of behaviors comparable to those that have gotten companies in trouble in past antitrust cases — including the landmark case against Microsoft.

Texas vs. Google: A Texas-led group of state attorneys general says Google has manipulated its ad technology to disfavor competing online ad exchanges — and secretly colluded with Facebook to make that happen.

• Outlook: This case is headline-grabbing, but big redactions hide its evidence. It's seen as a wild card — if the claims are true, the companies are in trouble.

Colorado et al. vs. Google: A Colorado- and Nebraska- led group of AGs, whose suit landed Thursday, says Google steers users to its own offerings and away from specialized search providers like Yelp and TripAdvisor — and is already porting a pattern of crushing competition into voice search and other rising tech.

• Outlook: Plaintiffs want this case to be merged with the DOJ's, which would link their fate.

FTC vs. Facebook: In November, the Federal Trade Commission charged that Facebook acquired Instagram and WhatsApp to smother nascent competitors. FTC also charges that Facebook blocked competitors from using code that would link their services to Facebook's vast user base.

• Outlook: Experts see Facebook as less at risk than Google of a big loss — but if it does lose, there's the possibility a court might force it to sell off two of its biggest units.

States vs. Facebook: A New York-led AG coalition targets Facebook's Instagram and WhatsApp deals as well, and says the damage Facebook has done to competition has stopped rival services from flourishing that would better protect people's privacy.

• Outlook: This case is likely to end up consolidated with the FTC's in one big Facebook proceeding.

The catch: If either company loses just one of these cases, it could face anything from a slap-on-the-wrist fine to stringent new rules of conduct to a massive "structural remedy" like a breakup. But before any of that happened after likely lengthy trials, there'd be one or more rounds of appeals. We're talking years in court before anyone has to do anything.

The bottom line: Several antitrust experts told Axios that it will be hard to prove that Facebook's years-old acquisitions should have been barred. Proving that Google is taking ongoing action that hurts competition is probably easier.

Apple this week posted new privacy "nutrition labels" on apps in the iOS App Store, giving users a look at how different apps stack up according to Apple's standards, Axios' Sara Fischer reports.

The big picture: The labels show that generally, social media apps collect more kinds of data than messaging apps.

• Messaging apps owned by Facebook, like Whatsapp and Messenger, appear to collect more data than some of their peers, per Apple's labeling standards.
• Signal, which is run by a privacy-focused non-profit, collects virtually no data from its users.

Where it stands: The labels are meant to serve as an easy-to-view summary of how apps collect user data for users to review before they install a new app.

• Apple does post privacy labels for its own apps, like Messages, but they do not appear in the App Store, since these apps are pre-installed. A user has to find the labels on the web separately.

Yes, but: Some developers, like Facebook's messaging service WhatsApp, worry that the summaries are too broad and could spook users into thinking they collect more data than they do.

Details: Apple identified a set of data types including purchases, financial information, location, contact information, health and fitness, search history and browsing history.

• Any of this data can then fall into three categories: data that's linked to your identity, data used to track you and data that isn’t personal to you.

Between the lines: It's helpful to know what type of data an app collects from you, but that doesn't give you any insight into the actual volume of data the app may be collecting.

The blast area of the giant Russia-linked hack of the U.S. government that came to light Sunday keeps widening.

The latest: Hackers accessed networks in the Energy Department, including its National Nuclear Security Administration, which manages the U.S. stockpile of nuclear weapons, Politico reported.

• That's in addition to the previously reported compromise of networks in the Defense, State, Homeland Security, Commerce and Treasury departments.
• "Highly malicious activity" was detected at the Federal Energy Regulatory Commission, which stores electrical grid data.
• Per Politico, the Energy Department said the intrusions were limited to "business networks" and did not extend to "mission essential national security functions."

The big picture: The hackers' path of entry led through a flaw in SolarWinds, a widely used network monitoring system.

• The government's multi-billion dollar intrusion detection system, Einstein, failed to flag the attack when it began last spring, according to a Washington Post report.
• 18,000 customers of SolarWinds used its product. That doesn't mean 18,000 people — each one is a possibly huge company or institution.

One of them was Microsoft, which announced Thursday it had found 40 of its customers, mostly in the U.S., compromised in the hack.

Our thought bubble: We’re still only at the start of understanding how big and how bad this attack was.

• The gravity wasn't immediately apparent because this wasn't the "cyber Pearl Harbor" that experts have warned about, notes Axios' Mike Allen. No one took out a power grid, or stole a bunch of money or destabilized the markets.
• Instead, it's more like someone has been walking in and out of your house for months, and you don't really know what they took.
• And they may have built a secret door. "For someone to have access that long, who's this sophisticated, it's pretty likely they built other ways to get in that are hard to find," one Trump administration official told Mike.

What they're saying: Although many experts have identified Russia's fingerprints on the attack, the Trump administration has not named Russia as the responsible party, and President Trump himself has said nothing about it at all.

• Sen. Mitt Romney (R-Utah) compared the hack to "Russian bombers ... repeatedly flying undetected over our entire country," in a Thursday tweet, decrying "inexcusable silence and inaction from the White House."
• President-elect Joe Biden Thursday called for "imposing substantial costs on those responsible for such malicious attacks."

The Biden administration should evaluate new technologies like artificial intelligence and facial recognition through "a civil rights lens," argues a new paper shared exclusively with Axios. One of its authors is a volunteer on the Biden-Harris transition team, Ashley reports.

The big picture: The paper from The Day One Project, a group of mostly former government staffers, advocates Biden establish a task force within the White House Office of Science Technology Policy to push federal agencies to share information about issues like facial recognition and targeted advertising.

Details: The paper's authors are Laura Moy, director of the Center on Privacy and Tech at Georgetown University and a volunteer on the Biden-Harris transition team, and Gabrielle Rejouis, senior policy manager on Color of Change's media, culture and economic justice team. (Moy participated in a personal capacity, not as a transition representative.)

What they're saying: "Tech policy issues — from online privacy to self-driving cars to encryption — must now be examined through a civil rights lens," they write. "Civil rights issues — from housing and employment discrimination to redlining to voter suppression — must now be examined through a technology lens."

• But experts in technical regulation and equal opportunity law rarely know one another's fields, they note.
• The Federal Trade Commission has never issued a legal complaint against algorithmic bias, they write.

On Tap

• It's the Friday before Christmas, so — unless someone has some very bad news they want to release late in the day, betting no one will pay attention — I hope the only thing on tap for you will be something warming to drink.

Trading Places

• Cloudflare named cofounder Michelle Zatlyn, already its COO, as president.
• Former TechCrunch COO Ned Desmond joins venture firm SOSV as senior operating partner.

ICYMI

• Sony removed the bug-ridden game Cyberpunk 2077 from its Playstation Store, which faced outages Thursday night from the volume of users seeking refunds. (The Verge)
• Coinbase, a cryptocurrency trading and information giant, filed confidentially to go public. (Axios)
• The Trump administration has blacklisted leading Chinese chipmaker SMIC to keep it from doing business with U.S. companies and importing needed hardware components. (WSJ)

As we bid Hanukkah farewell, surely you can't resist watching NIAID director Anthony Fauci weigh in on the very spicy "Latkes vs. Hamentashen" debate.