16 July 2021

Links

John Biewen: Ted Talk, “The lie that invented racism”

Dave Winer recommended this. The "lie that invented racism" was a claim made in Portugal during the age of empires that black Africans, being an inferior race, can be enslaved with impunity. The man in oversimplifying, surely. Europeans don't have a monopolism on racism based on skin pigmentation. For example, it's quite likely that India's caste system (varna) is based upon it (the word itself means "colour"). And then, skin colour is only one of the differences that we rely upon to create or deny entitlement. Humans always find frivolous reasons to discriminate against some and entitle others. Every flimsy basis for discrimination is backed up by wrong notions, projections and stereotypes. Belonging to the right group will always be the key to success, belonging to the wrong group, a recipe for failure.

If we want to create a more equal society, we will need to eradicate many more bases for prejudice and entitlement, but discovering them is like whacking moles. Unless we go to the root cause and find out what motivates and fuels our tendency towards discrimination in the first place, our prejudices will always be with us.

‘Excess deaths’ in Haryana seven times official COVID-19 toll - The Hindu

India largest source of government information requests, says Twitter - The Hindu

Sedition law | Supreme Court sends strong message to government - The Hindu
Chief Justice of India N.V. Ramana’s remarks in open court on Thursday sends a strong message to the government that the Supreme Court is prima facie convinced that sedition is being misused by the authorities to trample upon citizens’ fundamental rights of free speech and liberty.

Israeli spyware firm linked to fake Black Lives Matter and Amnesty websitesThe Guardian

The team also identified more than 750 domain names that appeared to be linked to Candiru and its customers. In addition to the sites masquerading as not-for-profits, the researchers found URLs that appeared to impersonate a left-leaning Indonesian publication; a site that publishes Israeli court indictments of Palestinian prisoners; a website critical of Saudi Arabia’s crown prince, Mohammed bin Salman; and a site that appeared to be associated with the World Health Organization.

“Candiru’s apparent presence, and the use of its surveillance technology against global civil society, is a potent reminder that the mercenary spyware industry contains many players and is prone to widespread abuse,” the report said. “This case demonstrates, yet again, that in the absence of any international safeguards or strong government export controls, spyware vendors will sell to government clients who will routinely abuse their services.”

Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware - Microsoft Security Blog

Hooking Candiru: Another Mercenary Spyware Vendor Comes into Focus - The Citizen Lab

A leaked Candiru project proposal published by TheMarker shows that Candiru’s spyware can be installed using a number of different vectors, including malicious links, man-in-the-middle attacks, and physical attacks. A vector named “Sherlock” is also offered, that they claim works on Windows, iOS, and Android.

Not Mac or Linux, though. Activists and journalists should stay away from Windows. And they so love their phones! I feel awkward and uncomfortable whenever I use the thing, and I'm not even signed into Google or the manufactor's services. I avoid Chrome and location services, and use only FDroid apps, but still feel uncomfortable, like big brother is always watching. On my computer at least, I have the illusion of being in control. Not on Windows, of course.

As part of their investigation, Microsoft observed at least 100 victims in Palestine, Israel, Iran, Lebanon, Yemen, Spain, United Kingdom, Turkey, Armenia, and Singapore. Victims include human rights defenders, dissidents, journalists, activists, and politicians.

We are still reversing most of the spyware’s functionality, but Candiru’s Windows payload appears to include features for exfiltrating files, exporting all messages saved in the Windows version of the popular encrypted messaging app Signal, and stealing cookies and passwords from Chrome, Internet Explorer, Firefox, Safari, and Opera browsers.

The €16 million project proposal allows for an unlimited number of spyware infection attempts, but the monitoring of only 10 devices simultaneously. For an additional €1.5M, the customer can purchase the ability to monitor 15 additional devices simultaneously, and to infect devices in a single additional country. For an additional €5.5M, the customer can monitor 25 additional devices simultaneously, and conduct espionage in five more countries.

The price point is obviously for nation states and governments.