
ToTok, an Emirati messaging app, is the latest escalation of a digital arms race - JumpCrisscross
https://www.nytimes.com/2019/12/22/us/politics/totok-app-uae.html
======
asdfman123
> ToTok amounts to the latest escalation in a digital arms race among wealthy
> authoritarian governments, interviews with current and former American
> foreign officials and a forensic investigation showed. The governments are
> pursuing more effective and convenient methods to spy on foreign
> adversaries, criminal and terrorist networks, journalists and critics —
> efforts that have ensnared people all over the world in their surveillance
> nets.

So... um... how does the fact that the NSA monitors everything we do square
with this? Is it only an arms race when other governments try to do it, too?

(A more low effort response would be "Me trying to uninstall apps that the US
government monitors" and a GIF link to that scene in The Devil Wears Prada
where she throws her cell phone into the fountain.)

~~~
moron4hire
> Is it only an arms race when other governments try to do it, too?

Yes, that's literally what defines an "arms race".

~~~
asdfman123
I guess my question is whether or not the New York Times considers the US to
be a wealthy authoritarian government.

~~~
smt88
Wealthy, yes. If the US is considered authoritarian then the word starts to
lose any useful meaning.

~~~
geogra4
How could a country with the largest prison population in the world not fall
into at least some definition of authoritarian?

~~~
wolco
The government is elected by the people, it doesn't fit that definition.

An authoritarian type of government is a government that is in power by force.

Democracy and slavary existed together. Having a prison population 1 in 125
people doesn't matter because the people decided to elect someone to make that
decision.

~~~
ElFitz
> The government is elected by the people, it doesn't fit that definition.

Is it though? First rebuttal that comes to mind is that, in the US, one can
legally be elected without the having the majority of the counter, valid,
votes.

Another one would be that one can be elected without the approval of the
majority of the people who _could_ vote.

~~~
pathseeker
>Is it though? First rebuttal that comes to mind is that, in the US, one can
legally be elected without the having the majority of the counter, valid,
votes.

Yes, spend a couple of moments reading up on the EC. The rules haven't changed
in a long time. Even if you don't like it, that's only how the president is
elected. Federal representatives for the state are elected by getting the most
votes in a district.

>Another one would be that one can be elected without the approval of the
majority of the people who could vote.

Every election system that allows more than two candidates or allows people to
skip voting has this flaw.

~~~
snowron6
>Every election system that allows more than two candidates or allows people
to skip voting has this flaw.

This is completely false, there are plenty of voting systems out there that
allow for more than 2 people to run, yet still require a majority to vote for
you. Here's a playlist explaining several:
[https://www.youtube.com/playlist?list=PLNCHVwtpeBY4mybPkHEnR...](https://www.youtube.com/playlist?list=PLNCHVwtpeBY4mybPkHEnRxSOb7FQ2vF9c)

------
ColinWright

       So instead of paying hackers to gain
       access to a target’s phone — the going
       rate is up to $2.5 million for a hacking
       tool that can remotely access Android
       phones, according to recent price lists
        — ToTok gave the Emirati government a
       way to persuade millions of users to hand
       over their most personal information for
       free.
    

Yup.

~~~
drummer
I wonder why HN can't implement proper css for quotes that doesn't have
scrollbars.

------
cmdshiftf4
There's really not much in this, is there? Have we not concluded that

A) Modern governments will do anything they possibly can to infiltrate and
track not just their own citizens but those of foreign states

and

B) The modern average consumer will place convenience above just about
everything else in their lives, but especially any concerns about how their
data is handled or its effect on their personal privacy

That the government in question in A, in this case, accomplished so much
simply via marketing is a testament to B.

There's some chatter in the article pointing to the nationalities of those
working in Dark Matter and Pax (Americans, Europeans, Asians and some
Emirates), as though it too is consequential. How much of a step is it to make
to work for the NSA as a contractor writing code to monitor people, or a US
tech giant writing tracking and psycho-analysis tech via ads and other
patterns, to doing the same for a company elsewhere for presumably a higher
paycheck?

You could argue that some in the NSA are doing so out of patriotism and their
new behaviour constitutes betrayal, but the same can't be said for former
workers of Google or similar, and especially not Palantir.

I'm not sure what I'm expected to be outraged about here? The lack of
something blatant points to why a clickbait headline may have been chosen for
publishing.

~~~
doublement
[removed, wasn't actually relevant to article]

~~~
acqq
> The Chinese government, in general

...has nothing to do with the app from this article made by "Breej Holding"
"most likely a front company affiliated with DarkMatter, an Abu Dhabi-based
cyberintelligence and hacking firm where Emirati intelligence officials,
former National Security Agency employees and former Israeli military
intelligence operatives work."

~~~
doublement
You're right, I got confused about where I was and what I read! Previous
comment over-written.

------
anonu
Did they hijack TikTok searches by calling it ToTok? Not a bad strategy to
piggyback on another app's popularity...

~~~
euix
My theory has always been, Chinese will start behaving like Americans in
protecting their IP once they reach a similar level of reach and
sophistication with their products. It's starting...

Then the shoe will be on the other foot. Not that a couple hundred years ago
it wasn't the same.

~~~
chapium
I doubt this will happen unless there is motivation from the central
government to crack down on it. There are many cultural reasons shameless
copying is less stigmatized in China than in the west (not necessarily a
negative thing).

~~~
ebiester
Britain used industrial espionage to gather the technology to reach their
industrial revolution. The USA did it in turn. (It used to be a death sentence
for skilled technologists to emigrate.)

[https://www.allaboutlean.com/industrial-espionage-and-
revolu...](https://www.allaboutlean.com/industrial-espionage-and-revolution/)

[https://www.history.com/news/industrial-revolution-spies-
eur...](https://www.history.com/news/industrial-revolution-spies-europe)

------
dpedu
Is there a term for the kind of phrasing used in this headline? It seems to be
becoming more and more common.

~~~
xoa
Others have suggested "click-bait", which is probably the most likely term for
a headline specifically. It does assume the reasoning though, that it's being
done to drive views at the direction of marketing. Which granted is not an
unreasonable assumption, even media with very strong editorial policies that
will push back against most interference may consider "mere headlines" be a
place they can sacrifice to marketing, it's not uncommon these days in many
places to actually have a few different headlines created, served up at random
to a sample of initial browsers, and then have whichever one gets the most
clicks selected as the one that is displayed generally.

However if you want a more general term one might be "purple prose", which can
apply not just to headlines but to any text in an article. It's a subjective
judgement, but the idea is when there is text that is so excessively ornate,
emotional, extravagant, etc that it actually breaks the flow of your attention
and reading of the content itself. Basically, prose that stops serving to
convey the content and starts drawing attention to itself for the sake of
itself. It comes from a passage in one of the poetic works of Horace (Quintus
Horatius Flaccus, from Rome).

Again, it is subjective, because sometimes content really does deserve heavy
levels of verbage and different people have different tolerances. But when
flowery prose gets in the way of comprehension rather than enhancing it it's a
good candidate.

~~~
htfu
So it's settled. It's purple clickbait.

------
fortran77
Wired had an article on this too: see [https://www.wired.com/story/totok-
alleged-emirati-spy-app/#i...](https://www.wired.com/story/totok-alleged-
emirati-spy-app/#intcid=recommendations_wired-homepage-right-rail-
popular_38fa3ffb-d229-4453-a2f0-226697dd6462_popular4-1)

------
giancarlostoro
Interesting, looks like it's removed from the Play Store if i try to visit the
link:

[https://play.google.com/store/apps/details?id=ai.totok.chat&...](https://play.google.com/store/apps/details?id=ai.totok.chat&hl=en_US)

Here's the WebCache:

[https://webcache.googleusercontent.com/search?q=cache:9_TRm1...](https://webcache.googleusercontent.com/search?q=cache:9_TRm1KhueIJ:https://play.google.com/store/apps/details%3Fid%3Dai.totok.chat%26hl%3Den_US+&cd=1&hl=en&ct=clnk&gl=us&client=firefox-b-1-d)

~~~
cmdshiftf4
As per the article

>On Thursday, Google removed the app from its Play store after determining
ToTok violated unspecified policies.

~~~
giancarlostoro
I didn't imply it wasn't did I? I was just pushing the cached version for
those curious like me about the app itself and how popular it was (knowing
first hand is better than he said she said). On the other hand, I wish Google
and Apple would just disable downloading instead of getting rid of the whole
darn page.

------
deith
>ToTok amounts to the latest escalation in a digital arms race among wealthy
authoritarian governments

Why wealthy? You don't need much wealth to create a chat app.

~~~
c0nfused
You need the majority of your citizens to have enough money to buy smartphones
to install your app. You need to care about making it look like there is a
velvet glove on your surveillance.

~~~
maqp
Or you can just straight up arrest a citizen and ask why they spoke ill about
the police on WeChat:
[https://twitter.com/Snowden/status/1208469511051075585](https://twitter.com/Snowden/status/1208469511051075585)

~~~
JCharante
Don't some European countries do the same with tweets? (eg
[https://www.theverge.com/2016/3/24/11297128/matthew-doyle-
ar...](https://www.theverge.com/2016/3/24/11297128/matthew-doyle-arrest-
muslim-tweet-brussels))

They're both laws covering disturbing public order, which doesn't make them
that different from China (because deciding what "disturbs" the public is a
slippery slope)

------
pathseeker
How predictable, an expose of an Emirates spy tool and all of the top comments
are "what about the US tho".

~~~
hn2017
Comments on all platforms are easily ambushed from groups trying to push a
specific point of view. Unfortunately, this place also suffers from this on
political news.

------
tictoc
Hypothetically, if people just got off their devices, wouldn't this entire
digital arms race disappear? No phones. Not even computers except the bare
necessity use.

------
close04
> But the service, ToTok, is actually a spying tool, according to American
> officials familiar with a classified intelligence assessment [...] It is
> used by the government of the United Arab Emirates to try to track every
> conversation, movement, relationship, appointment, sound and image of those
> who install it on their phones.

Only way to fight against terrorists and pedophiles I hear... [/sarcasm]

------
peter_d_sherman
Here's my problem:

Let's suppose that I, or anyone else that reads Hacker News (like many of the
YCombinator companies) creates an app (as many of them have), and this app
becomes very popular in foreign countries, and goes on to get tons of users in
those foreign countries...

OK, now let's suppose that a foreign newspaper, like the New York times, but a
foreign version of that -- all of a sudden prints an article like this one,
alleging, but not showing a comprehensive proof (like the ones in mathematics
or logic) that there are all kinds of things unspeakably wrong with the app...

Well... maybe all of those things are true, but maybe they aren't...

How would I, as the end-user of such an app -- know for sure?

If the article isn't true... think of the gigantic swath of economic damage
that would be caused by an article like this...

And if the article is true... well, it could be argued that you've done a
great thing, and saved countless users' privacy rights...

That's quite the dichotomy of potential outcomes, based on what the truth of
the matter actually is...

So here's my question to the NYT: In this era of Fake News (which you are no
doubt aware of!), how do I prove to myself (as someone who is 50/50, that is,
a skeptic who is willing to believe, if the proper set of facts is presented
to them) that what you're saying is true?

?

Here are two things for the NYT to think about:

"Semper necessitas probandi incumbit ei qui agit"

The burden of proof lays on he who makes the claim

and

"Extraordinary claims require extraordinary evidence" -Carl Sagan

[https://en.wikipedia.org/wiki/Sagan_standard](https://en.wikipedia.org/wiki/Sagan_standard)

Saying that this stuff is true because the Intelligence Community says that
it's true -- is not unlike making an "Argument to/from Authority":

[https://en.wikipedia.org/wiki/Argument_from_authority](https://en.wikipedia.org/wiki/Argument_from_authority)

I don't know who the Intelligence Community is (much like I don't know who
other abstract entities are like "China" or even the "U.S." are) I don't know
who that is!

I do know who a guy named "John Smith" is, and I do know that if John Smith
raises his right hand in a court of law and under oath promises to "tell the
truth, the whole truth, and nothing but the truth, under penalty of perjury",
then John Smith's claim, when he makes it under those circumstances, carries a
whole lot more weight (to me) than the claims of any nameless, faceless,
unaccountable organization -- by whatever name they go by...

Due Process (enshrined in our Constitution, which the media does not seem to
give these days to all parties, despite the Constitution giving them their
right of Free Speech) presumes innocence until proven guilty, in a court of
law!

Now, all of that being said... I am willing to believe this article -- but I
require a higher standard of proof...

~~~
Wowfunhappy
> How would I, as the end-user of such an app -- know for sure?

Monitor network traffic, or maybe even decompile the binary. What information
is getting sent out of the app? Does it seem reasonable? If not, you have
cause for concern.

Unfortunately, modern platforms like iOS make this very difficult, frequently
in the name of protecting security and privacy, ironically. _This_ is a very
big problem.

~~~
peter_d_sherman
I agree.

But to broaden your point, it could be argued that this problem affects every
single application that uses the network... How do I know that Chrome,
Firefox, IE, or any other U.S. made piece of software -- doesn't leak private
information, one way or another? Intentionally or unintentionally?

I've thought about this long and hard (as someone who wanted to publish an
app), and the only two things I can come up with are:

1) Open the source code; that is, make it open source, and subject to peer
review.

2) Inform users that due to the complexity inherent in computers and
software/hardware/firmware stacks in this day and age, there cannot be a
guarantee that your private information will stay private; thus, the simplest
solution is don't put any private information on the app / don't assume that
it will stay private.

~~~
Wowfunhappy
Investigate each layer one at a time.

Not every end user will be able to independently verify every piece of
software on their machine—going fully open source wouldn't do that either. But
these types of investigations should be _open_ to the general public so that
peer review can take place.

------
swiley
I’m still mad that I got shadow banned. All I did was post ukulele videos.

~~~
thenewnewguy
Unless I'm shadowbanned with you I can assure you that you're not.

~~~
deith
The only way to read guys who are shadowbanned is to enable "showdead" in your
profile. You won't automatically read their comments even if you are
shadowbanned yourself if you don't enable the showdead option.

~~~
thenewnewguy
I have showdead on, but swiley's post doesn't display as dead for me.

------
maqp
I'm glad there isn't another UAE based app that stores billions of messages on
its servers, effectively in plaintext, including all group chats, all desktop
client chats, and overwhelming majority of one-on-one chats that aren't opt-in
secret chats. /s

"BuT TelEGram HasnT beEn ComPRomIsED iN tHe wILd haS it???"

~~~
nailer
You're making a valid point, but you could probably reword it without the
sarcasm.

~~~
maqp
You're right. I apologize. I'm just absolutely terrified about the inevitable
hack -- when intelligence establishment gets their hands on everyone's private
messages on Telegram servers, or when some hacker leaks them.

