World governments, Big Tech be like: "We are shocked, shocked! to find back doors and spying in here!"
The two work in tandem to facilitate the needs of each other. This is just the new military industrial complex for an age of hybrid war. Not going away any time soon, no matter how we feel about it.
As pointed out in another post today "A key product of ubiquitous surveillance is people who are comfortable with it"  All of the revelations with no recourse or reform lead to what we have now, everyone assumes big brother is watching and thats just how big brother wants it.
For example, the EU parliament has just recently passed legislation to allow "providers of e-mail and messaging services to automatically search all personal messages of each citizen for presumed suspect content and report suspected cases to the police."
Most people I talk to don't know about this. When they hear it, they're in shock. And then go on living their lives. It's really very intangible to most people.
"This citizen here, he shows in the cameras, but doesn't appear to have a cellphone/has two cellphones, let's investigate him!"
The phones of 50,000 individuals, including human rights activists and journalists, have been targeted by surveillance tools that were used by numerous governments. These tools can hack any iOS and Android phone, and there is no way to protect your device from it. It doesn't matter which apps you use, because the system is breached on a deeper level.
According to the Snowden revelations from 2013, both Apple and Google are part of the global surveillance program that implies that these companies have to, among other things, implement backdoors into their mobile operating systems. These backdoors, usually disguised as security bugs, allow US agencies to access information on any smartphone in the world.
The problem with such backdoors is that they are never exclusive to just one party. Anybody can exploit them. So if a US security agency can hack an iOS or Android phone, any other organization that uncovers the backdoors can do the same. Unsurprisingly, this is exactly what has been taking place: an Israeli company called NSO Group has been selling access to the spying tools that allowed third parties to hack tens of thousands of phones.
Since at least 2018, I have been aware that one of my phone numbers was included in a list of potential targets of such surveillance tools (although a source from the NSO Group denies it). Personally, I wasn't worried: since 2011, when I was still living in Russia, I’ve got used to assuming that all my phones were compromised. Anyone who gains access to my private data will be utterly disappointed – they will have to go through thousands of concept designs for Telegram features and millions of messages related to our product development process. They won't find any important information there.
However, these surveillance tools are also used against people far more prominent than me. For example, they were employed to spy on 14 heads of state. The existence of backdoors in crucial infrastructure and software creates a huge challenge for humanity. That's why I have been calling upon the governments of the world to start acting against the Apple-Google duopoly in the smartphone market and to force them to open their closed ecosystems and allow for more competition.
So far, even though the current market monopolization increases costs and impedes privacy and freedom of speech of billions, government officials have been very slow to act. I hope the news that they themselves have been targeted by these surveillance tools will prompt politicians to change their minds.
I know it's fun to slam on Telegram (and for sure its encryption has flaws, I really don't think anyone denies this), but everyone needs to understand the mindset of Durov and what I'm guessing is the mindset of russian-born telegram developers: your phone can be compromised, and easily at that.
I think this is something very important for everyone to remember when the discussion of encryption and messaging comes up.
The level of encryption in transit doesn't matter if your adversary has full access on your phone that can just screenshot and pull local messages of whatever they want.
NSO's ridiculousness hopefully has made it very clear that it doesn't matter which phone/OS you're using; full access to your phone is a salable item for basically anyone with the interest in having it, and this is only the software we know about.
Journalisst, Activists, or even just someone looking for a fun weekend is at risk with modern phones and messaging; it does not matter about tapping the communication in-between if they can just screenshot/copy your phone on the fly.
Be careful about what you use your phone for.
>GrapheneOS is heavily focused on security enhancements making exploitation significantly harder:
>Those other operating systems [Calyx and Lineage] don't improve resistance against exploitation and won't provide more resistance against an exploit working against AOSP/stock.
>If they specifically target GrapheneOS and put work into adjusting their exploit chains and finding new bugs as necessary, then they could certainly develop an exploit working against GrapheneOS. Costs will be higher and they'll usually need to specifically take it into account.
>Firmware exposed to remote attack surface like the radios (Wi-Fi, Bluetooth, cellular, NFC) and GPU is generally a lot harder to exploit than the OS and those components are isolated. It's much rarer and generally involves using an OS exploit to bypass the component isolation.
>Nearly all of these exploits are memory corruption bugs. GrapheneOS does actually provide hardening for firmware through attack surface reduction including the LTE only mode and other features. It can't directly harden firmware, but it can avoid exposing as much attack surface.
>So, for example, with the GrapheneOS 4G only mode enabled, vulnerabilities in 2G, 3G and 5G are not usable to exploit the cellular radio, only those exposed by 4G.
>The radio firmware also does have substantial hardening and internal sandboxing, but GrapheneOS can't improve it.
>GrapheneOS also fortifies the OS against exploitation by an attacker that has gained code execution on a component like the GPU or radio.
>Main hardening we provide is for the most common path of exploiting an RCE bug in userspace and then exploiting the kernel to escape sandbox.
GrapheneOS runs only on Pixel phones which have great hardware security.
Also, DON'T USE CopperheadOS: https://grapheneos.org/history/copperheados
Different compile settings might render an exploit ineffective. But I’d expect any remotely popular Android derivative (e.g. lineage) to be tested by the attacker - and even postmarketOS, which is not Android based, is likely to use some of the same media parsing libraries.
I think your best bet would be a Pixel phone with GrapheneOS, though I'm not sure whether it was effected here.
But the biggest problem is the lack of sandboxing, and UNIX permissions are way too crude to be of any use. The attacker at worst can't install a video driver, but can easily add anything to your bashrc, or read the content of your browser's cache, etc.
Turning off all three kill switches kills all sensors.
Concerning the problem with the C code, yes. But it’s the same problem as with Apple, trillion-dollar company.
He wants biggest American companies that world has ever had to open source and loose all the edge against rest of the world, but he runs close source proprietary server software which he wants people to use for secure communication.
Also they refuse to zero-knowledge (e2e) encrypt US iCloud backups.
In San Bernandino shooter’s case, they refused FBI’s request to develop new tools to hack an already locked iPhone.
However I have little doubt they will refuse to sign&push OTA update of a Signal.app or “improved” iOS developed and provided by NSA.
Mercenary who helped Carlos Ghosn, recalled that in the middle of operation, while riding a train, his iPhone suddenly rebooted and started an iOS update:
On the train, Taylor’s phone began an unexpected automatic software update. “The first thing I thought was, I wonder if the NSA knows,” he recalls. “I wouldn’t put anything past them.”
 - https://blog.elcomsoft.com/2021/01/apple-scraps-end-to-end-e...
 - https://www.vanityfair.com/news/2020/07/how-carlos-ghosn-esc...
Um, bundling a messaging app that parses feature-rich messages sent from anyone in the world using a memory-unsafe language and abusing DRM laws intended for anti-piracy protection to *ensure that no one can uninstall it from their phone* doesn't count as proof that Apple had something to do with Pegasus?
Yes, Durov's assertion that the bugs NSO exploited were intentionally left there by Apple at the behest of US intelligence agencies is presented without proof, and while conceivable is very unlikely .
But his assertion that monopoly practices by Apple had something to do with the Pegasus hacks is perfectly accurate given that Messages is insecure, forcibly bundled, and was in fact how many journalists and human rights defenders were hacked.
Durov's point that "it doesn't matter what apps you have installed on your phone" is especially depressing and a direct result of Apple's use of DRM to prevent users from uninstalling Messages. It would be nice if people could install Messages from their iPhones right now. Thanks to Apple, they can't.
 Not because Apple wouldn't do it if pressured (we know, for instance, that they caved to such pressure on iCloud encryption) but merely because there are likely so many vulnerabilities to find that the chances NSA, Apple, and NSO were all aware of the same vulnerabilities are very low.
if software is the edge, then it's not solid, imo.
I thought US edge was capital, skilled people who can create insane stuff quickly and engineering culture that enables them
That said, I'm unsure how the media could twist "x country spied on y individual." Knowing the types of people being spied on, it should be assumed most people of similar importance are being spied on by someone.
What sort of cost-benefit analysis are you doing that makes you think your right to see other people's PII trumps their privacy?
However, I don't see the argument shifting towards the big tech- they are responsible for giving us the crap operating systems. I genuinely miss BlackBerry 10 now.