Posts tagged "privacy-surveillance":
2022-01-30
My younger son and his fiancée came over from TA and I brought D's mom over from her retirement home. We kept her away from my daughter and her kids because they were exposed to someone who has been sick with the Omicron, lately. The weather started to clear up, though it remains cold.
NSO
There was an item in the TV news about NSO; an interview with one of the founders, and the CEO, Shalev Hulio. He doesn't cut a very impressive figure and seemed nervous and evasive when asked key questions. A family man, maybe a little naive or unused to journalists. The TV news channel spent 2 days in the NSO headquarters in Herzlia and interviewed a few others there too. One guy demonstrated how what the company does is not simple interception of phones; it helps the clients to interpret the information collected and to construct an elaborate portfolio of the target and their network of connections. Sounds familiar from the descriptions of intelligence firm operations found in Cory Doctorow's novel, "Attack Surface".
The NYT story on NSO that I read yesterday had lots of new information. If it can be relied upon, it shows, in a more detailed way than known previously, how the sale of Pegasus went hand in hand with Israeli diplomacy and created friends among client countries who voted for Israel and against Palestinian interests in discussions at the UN. It also clearly states that India and Djibouti among others purchased Pegasus, despite denials or refusals to comment.
In the news item, Hulio is given the opportunity to make the case for the need for cyberweapons when facing sophisticated criminal or terrorist organizations. This is overshadowed by the fact that most of the countries to which the system was sold ended up using it against political opponents, critical journalists, ordinary citizens or diplomats of other countries. In this way, cyberweapons are not like other weapons. They are ideally constructed to undermine democracy wherever they land; even in supposedly democratic countries.
Yuli Novak
Haaretz runs stories in its English edition that have often appeared a few days earlier in its Hebrew edition. So today they have the story about Yuli Novak, a previous director of the Breaking the Silence organization. When the NGO and its members began to be hounded by rightwing groups, the media and politicians, and the group's members began to receive death threats, she stepped down and away from Breaking the Silence and fled overseas for a time. Now she is reassessing her relationship with her country and with Zionism.
Breaking the Silence is an organization that publishes testimony of former soldiers as a means to help Israeli society reevaluate the meaning of its military occupation of Palestinian territories. It is not the radical political organization that it is made out to be in the Israeli media. It actually stays clear of direct criticism of Israel. It simply tries to show people the consequences of what the army is doing in the Occupied Territories; to "break the silence" about what is being done by the military. Like Edward Snowden and other whistleblowers, it spreads awareness of activities that are normally kept out of sight and removed from the consciousness of ordinary citizens.
As such, it does not need to take a political stance and it is actually better for its work if it stays out of politics. The organization is made up of former soldiers who, when they signed up, believed in the army's mission, but got freaked out by what they saw happening on the ground. Whatever political conclusions they came to as a result are personal, and do not necessarily represent the organization itself. The point is to gather the soldiers' testimony and to present it as part of a public education campaign, so that citizens can form their own opinions. At least that is what I understood after going on a tour of Hebron with one of the organization's founders and listening to him at other times.
Choosing to target Breaking the Silence, and other organizations that are within the fold of the Zionist left, such as Betselem and the New Israel Fund, seems to have been a conscious choice of the Right. They obviously see them as more of a threat than truly anti-Zionist groups, whose numbers and resources are even more scant.
Yuli Novak - feminist, LGBT person and leftist as she is - seems to have taken quite a long time to question the narratives she grew up with and only recently has been coming around to opinions that many Israelis reached long ago. But eventually it dawned upon her:
"What sort of coexistence are you proposing here?” she asks rhetorically during our conversation, aiming the question at the Zionist left. “A coexistence that favors only you? That simply will not work. The moment we recognize that we are not living in a democracy in the deepest and most basic way, it suddenly becomes a lot easier to understand what is going on here. And it’s no longer chaotic."
I guess by "chaotic" she means the dissonance between her received understanding of reality based on what she has been told, and what she actually sees. I'm not sure that she's entirely out of it herself, just like all of us. A certain part of us always wants to believe that we are living in a fine sort of country that will basically be OK if we can only fix a few things. But that's not true in any of the liberal (and increasingly less liberal) democracies. It certainly isn't true of a society that is based on myths about selective group identity.
Nations, if we need them at all, should exist for the welfare of the totality of their citizens, not just for their elites, for particular ethnicities, castes, religious or ideological communities. They should provide us with a comfortable framework in which to live and maintain a peaceful relationship with other nations and the biosphere. The details may be difficult to work out but at least the mission statement should be clear.
Moxie and Ceglowski
I found this Twitter interchange regarding Telegram, between Moxie Marlinspike and Maciej Ceglowski, interesting. It is from December 2021. I had somehow seen the Moxie tweets earlier, but hadn't seen Ceglowski's, who brought the practical example of Telegram's use during the Hong Kong protests.
Marlinspike is the man behind the Signal messenger. Ceglowski is the man behind the social bookmarking service Pinboard.in and an interesting writer on society, politics and the internet.
I have pulled their tweets out of Twitter and connected them.
Moxie Marlinspike:
It's amazing to me that after all this time, almost all media coverage of Telegram still refers to it as an "encrypted messenger."
Telegram has a lot of compelling features, but in terms of privacy and data collection, there is no worse choice. Here's how it actually works:
Telegram stores all your contacts, groups, media, and every message you've ever sent or received in plaintext on their servers. The app on your phone is just a "view" onto their servers, where the data actually lives.
Almost everything you see in the app, Telegram also sees
Here's a simple test: delete Telegram, install it on a brand new phone, and register with your number. You will immediately see all your conversation history, all of your contacts, all the media you've shared, all of your groups. How? It was all on their servers, in plaintext.
The confusion is that Telegram does allow you to create very limited "secret chats" (no groups, synchronous, no sync) that nominally do use e2ee, even if the security of the e2ee protocol they use is dubious.
There's no e2ee by default, but they talk about it like there is
FB Messenger also has an e2ee "secret chat" mode that is actually much less limited than Telegram's (and also uses a better e2ee protocol), but nobody would consider Messenger to be an "encrypted messenger."
FB Messenger and Telegram are built almost exactly the same way.
Some may feel okay letting Telegram have access to all of their data, msgs, images, contacts, groups, etc. because they "trust Telegram."
However, the point of an "encrypted messenger" should be that you don't have to trust anyone other than the ppl you're communicating with.
Actual privacy tech is not about trusting someone else w/ your data. It's about not having to. A msg you send should only be visible to you & recipient. A group's details should only be vis to the other members. Looking up your contacts should not reveal them to anyone else.
Privacy tech is really about making the tech consistent with the UI. But if Telegram's UI were consistent with the way the tech worked, every chat would be a group chat with everyone that works at Telegram + everyone that hacks Telegram + every gov that accesses Telegram, etc
For the folks writing about this space, my request is that when you write "encrypted messenger," it should at minimum mean an app where all messages are e2ee by default. Telegram and FB Messenger are built exactly the same way. Neither are "encrypted messengers."
Maciej Ceglowski:
There's a disconnect between critiques of Telegram and its practical use that have made me uneasy about joining technical pile-ons around how it's not really encrypted messaging. Let me use the example of Telegram use in the Hong Kong protests.
I arrived in Hong Kong with each hair standing individually on end because everyone was using Telegram, which of course stores every group chat server-side like Moxie says. It took me a while to understand why it was so popular despite this shortcoming.
One reason was the ability to have three scales of chat in one app—really enormous (tens of thousands) of groups where you didn't have to share your identity, regular group chat, and one-on-one chats with people.
The one-on-one chats were popular because they could be set to an ephemeral mode, so that if a cop caught you and made you unlock your phone, you wouldn't get them in trouble. The huge supergroups were useful for organizing protest events and broadcasting information.
People were trying to avoid getting recognized in the moment, caught in the moment, or having to broadcast their identity to a huge group of strangers (HELLO I AM INTERESTED IN ATTENDING YOUR PROTEST), although this later turned out to be a huge hole in Telegram and caused a fuss
So the tradeoff was a mix of the app being usable and useful, safety in numbers, basic anonymity features in large groups, the ability to have massive supergroups, and disappearing chat. Compare this to Signal, where you saw everyone's phone number and it was buggy as hell
If the Chinese government wanted to come after you individually, you were screwed no matter what app you used. People brought phones to protests and that cell tower data was stored somewhere much easier for the PRC to obtain than even hacking Telegram.
The whole thing left me feeling far more confused about the role of E2E than I had been going in. Even today, if a state actor is seriously interested in you specifically, it's game over. Signal can keep your messages triple secret all it wants, but it doesn't really matter.
Either your device will be compromised, or the person you are having the triple-secret conversation is a government agent to begin with and even wearing a secret decoder ring on each finger is going to help.
So I think the right way to think of Telegram is an "encrypted enough" messenger, and for E2E purists to take a more careful look at why it is so widely used in protest movements, and why people find using "real" encrypted apps like Signal such a pain in the ass
The broader problem of ephemeral or spur of the moment protest activity leaving a permanent data trail that can be forensically analyzed and target individuals many years after the fact is unsolved and poses a serious risk to dissent. But E2E is not the solution to it.
I feel like Moxie and a lot of end-to-end encryption purists fall into the same intellectual tarpit as the cryptocurrency people, which is that it should be possible to design technical systems that require zero trust, and that the benefits of these designs are self-evident
But a truly trustless system is inhuman, and you're going to get monstrous results if you try to impose it on human behavior. Homo encrypticus doesn't exist any more than homo economicus. We need to think more deeply about how to make these technologies serve people as they are
The most dangerous thing about social software systems today is that they impose consequences on everyday actions that are unbounded in severity and time. You can be fired today for a social media comment you made as a kid, you can have $100M stolen by plugging in a USB device.
Reducing the blast radius of normal human mistakes, dismantling the permanent record part of the surveillance economy, and not forcing people to make irrevocable lifetime decisions every time they use a phone are the only way out of this mess. That's not solvable with software.
Moxie (response):
Hey what do I know, maybe sending all of our plaintext data to a Russian oligarch & his associates to indelibly manage is the solution to online privacy.
I’m just saying that we shouldn’t call it an “encrypted messenger,” because it simply isn’t - any more than FB Messenger is.
2022-01-18
The main story today was the news that according to a report in Calcalist, the Israeli police is using NSO's Pegasus spyware against Israeli citizens. Apparently it takes advantage of a very large loophole in the legal system: while there are very strict regulations regarding "wire-tapping" there is no specific law that makes it illegal to break into a citizen's phone to harvest information or, at least, the Israeli police made their own interpretation of the laws in determining what was permitted. In the case that a surveilled person was charged, the information they gathered through Pegasus was not used directly as evidence. Etc. According to the article, Pegasus is being used in a very similar way to that discovered in many non-democratic regimes around the world. Haaretz, in its own analysis, concludes that NSO is an arm of the state.
In the service of the Israel Police: break-ins to citizens' phones without oversight or control | Calcalist https://www.calcalist.co.il/local_news/article/s1b1xwx6y
Israel's COVID count seemed to be a bit optimistic during the last couple of days - thirty-some thousand per day - but it turned out that its computer system had simply collapsed under the flood of testing results and the actual number is at least double that appearing on the health ministry's website. Not the 465,000 cases that France reported today, but still the highest ever total for this country.
2021-11-23-reading-links
What I’m reading
"Son Visage et le Tien", a long essay by Jenni Alexis. Interesting, so far. The English Wikipedia article about him references an article in the Atlantic, “When does a writer become a writer”[1]. Alexis, like T.S. Eliot, Franz Kafka, John Steinbeck, Margaret Duras and so many others that the article doesn’t mention, has a daytime job. Winning the Goncourt prize came as a big surprise for him. It’s the kind of attainment that so many aspiring writers dream about.
Links
[1] https://www.theatlantic.com/entertainment/archive/2011/11/when-does-a-writer-become-a-writer/248945/
Despite all the predictions that the Pegasus affair would be all forgotten after a few weeks, no, the company’s woes seem only to be accumulating. Blacklisted by the US gov’t, half a billion dollars in debt, and now being sued by Apple.
NSO was about to sell hacking tools to France. Now the Israeli spyware company is in crisis. | MIT Technology Review https://www.technologyreview.com/2021/11/23/1040509/france-macron-nso-in-crisis-sanctions/
Apple Sues NSO Group For Hacking Its Users https://www.vice.com/en/article/7kbvyb/apple-sues-nso-group-for-hacking-its-users
"For the experts and activists who have been accusing NSO Group of enabling authoritarian abuse for years, it’s a victory that is long overdue."