[HN Gopher] Facebook wanted NSO spyware to monitor users, NSO CE...
       ___________________________________________________________________
        
       Facebook wanted NSO spyware to monitor users, NSO CEO claims
        
       Author : clairity
       Score  : 149 points
       Date   : 2020-04-03 19:32 UTC (3 hours ago)
        
 (HTM) web link (www.vice.com)
 (TXT) w3m dump (www.vice.com)
        
       | notRobot wrote:
       | I wish I could stop using WhatsApp. It's the only FB service I
       | use, and because everyone else in my life relies on it, I can't
       | just uninstall it and get away with it :(
        
         | RileyJames wrote:
         | Just keep trying! It took a long time, but I managed to move my
         | whole direct family to Signal.
         | 
         | You will probably have to install it for them.
         | 
         | Make a group chat.
         | 
         | Use it regularly.
         | 
         | But as it's basically the same functionality, you won't have to
         | train them to use it. It's worth it.
        
         | chrononaut wrote:
         | You just have to start small, and eventually you might get
         | there. It was like that for me with Signal. I was able to get a
         | couple of my more willing close contacts to begin using it.
         | After a couple months, another began using it, and eventually
         | after two to three years the vast majority, most of whom I never
         | tried convincing, are using the application actively.
        
         | reaperducer wrote:
         | Drop it and just go with e-mail, postal mail, phone calls, and
         | SMS.
         | 
         | I did, and found out who my real "friends" really are.
        
       | [deleted]
        
       | chance_state wrote:
       | Talented engineers that spend their limited working years
       | figuring out how to extract every last cent from every person on
       | Earth should feel some shame.
       | 
       | I wonder how harshly history will judge them (many of whom are on
       | HN).
        
         | thowayheyhey wrote:
         | When FB news appears on HN I can't help but feel there's a
         | curated tone/narrative. A mixture of "everyone's doing it" and
         | "they clicked agree on the ToS" to "you should've known it
         | would happen".
         | 
         | Anyone want to take bets if FB runs sock-puppet accounts across
         | the web? It'll be plausibly deniable and run thru a third party
         | but still. Would anyone be surprised?
        
           | fxtentacle wrote:
           | Of course they do. I don't question the if, but I'm curious
           | about the number...
        
           | mirimir wrote:
           | Maybe so.
           | 
           | But doesn't HN scan for concerted behavior?
        
         | jsjddbbwj wrote:
         | Talented engineers that spend their limited time judging others
         | because they disagree with their sense of morals should feel
         | some shame.
        
       | cantrevealname wrote:
       | I'd like to suggest a fun project for Apple that might allow them
       | to kill off this NSO malware: Apple should devote a few engineers
       | to create honeypot iPhones that they could get into the hands of
       | a few carefully chosen journalists and dissidents who would then
       | "lose" their phones or allow the phones to be confiscated by
       | governments or organizations who use NSO software. The objective
       | is to get a copy of the NSO malware and figure out the exploit(s)
       | they use.
       | 
       | The honeypot phones would behave exactly like normal phones but
       | save all incoming data at the lowest protocol layer (whether by
       | wifi, cellular, Lightning connector, and maybe even in-circuit
       | attempts to reflash firmware) to hidden internal terabyte microSD
       | storage, which it would later exfiltrate back to Apple at some
       | point --- perhaps by even having a second hidden cellular
       | connection. I'm assuming that Apple has all the talent it needs
       | to reverse engineer and plug the NSO malware once it has an
       | actual copy of the malware.
        
         | TrainedMonkey wrote:
         | This is an interesting thought exercise, I am going to ask a
         | few questions. Think about them and then decide if this is a
         | good idea:
         | 
         | 1. How big will the project be? I.E. what staff you need to
         | develop AND deploy honeypot phones.
         | 
         | 2. Who would decide targets?
         | 
         | 3. What do you do with the data collected? Who enforces those
         | rules?
         | 
         | 4. How do you keep the project secret?
         | 
         | 5. How do you prevent various 3 letter agencies from ordering
         | you to deploy this technology for national security?
         | 
         | 6. How do you protect Apple's reputation once it leaks out that
         | there are secret phones that eavesdrop on you?
         | 
         | A better long term strategy is to offer large bug/exploit
         | bounties. This foils malware and builds trust in Apple
         | platform.
        
         | jacobush wrote:
         | That would be a very offensive move. I like it. How will that
         | kill off this malware though? Just by making it incrementally
         | harder (might work!) or through something more fundamental I'm
         | missing?
        
           | cantrevealname wrote:
           | > _How will that kill off this malware though?_
           | 
           | I wouldn't be surprised if everything that NSO does depends
           | on just one or two extremely good exploits. Once Apple rolls
           | out an update to patch the one or two critical bugs, it'll
           | stop NSO for a nice long time until they spend hundreds of
           | man years or millions of dollars to find another exploit
           | that's just as good.
        
             | saagarjha wrote:
             | I don't actually think it costs hundreds of man years to
             | find these bugs at the moment.
        
         | georgespencer wrote:
         | > governments
         | 
         | I'm sure you know this, but deliberately committing an act of
         | espionage to directly or indirectly subvert the activities of
         | government agencies would be a silly thing for Apple to try to
         | do.
         | 
         | Their dollars are better spent on lobbying (make shit like this
         | illegal), and engineering (make shit like this literally not
         | work because iPhone is as secure as it can be).
        
       | Lammy wrote:
       | You can see how important Onavo was to Facebook by the lengths
       | they were willing to go to protect it, including the whole
       | "distributing it to teens via enterprise cert" thing Apple
       | slapped them down for. The data from Onavo is how they knew what
       | up-and-coming competitors were popular, and allowed Facebook to
       | buy them out before they could become fully established.
        
       | georgespencer wrote:
       | Not much surprises me about Facebook any more. The leadership is
       | tone deaf.
        
         | dhosek wrote:
         | It seems their corporate motto, instead of the old Google,
         | "Don't be evil" is "Be as evil as possible."
        
           | georgespencer wrote:
           | It's weird isn't it? I went through a period (personally)
           | where I felt super misunderstood by people around me, and
           | after a while I realised it was _me_ who was miscalibrated. I
           | get the impression that FB feels the same, but without the
           | capacity for self-reflection or desire to change. A shame
           | because the Facebook platforms could be, if not a force for
           | good, at the very least neutral. Instead it seems like every
           | single thing they do is insidious.
        
         | harumph wrote:
         | Being tone-deaf would imply they're unable to understand other
         | people's issues. Facebook actively seeks to track all of us for
         | their financial gain, against the wishes of many of us.
         | 
         | Facebook is actively malicious.
        
         | ConsiderCrying wrote:
         | I'm baffled that, even with the horrible rep Facebook has, they
         | somehow decided to put "from Facebook" splash screens into both
         | WhatsApp and Instagram. Why? What possible benefit could it
         | have? Most people already know who owns the services but now
         | anybody who opens the app is faced with it. If anything, it
         | should just make people reluctant to use the apps, surely.
        
           | brenden2 wrote:
           | Many people don't realize that WhatsApp and Instagram are the
           | same thing as Facebook. Facebook's brand is somewhat
           | tarnished, and they want to polish it up with Instagram and
           | WhatsApp (which have been less impacted by the bad press).
        
             | jacobush wrote:
             | I'd say most, at least not until the sticker appeared.
        
           | reaperducer wrote:
           | _What possible benefit could it have?_
           | 
           | Perhaps stock price/awareness?
           | 
           | The same way that lots of companies put their ticker symbol
           | in their advertising, or the way local television news
           | programs will put its parent company's ticker symbol in the
           | closing graphics.
        
       | blakesterz wrote:
       | The original report is from Vice:
       | 
       | https://www.vice.com/en_us/article/pke9k9/facebook-wanted-ns...
       | 
       | "The Facebook representatives stated that Facebook was concerned
       | that its method for gathering user data through Onavo Protect was
       | less effective on Apple devices than on Android devices," the
       | court filing reads. "The Facebook representatives also stated
       | that Facebook wanted to use purported capabilities of Pegasus to
       | monitor users on Apple devices and were willing to pay for the
       | ability to monitor Onavo Protect users."
        
         | dang wrote:
         | Ok, we've changed the URL to that from
         | https://appleinsider.com/articles/20/04/03/facebook-tried-
         | to.... Thanks!
         | 
         | "_Please submit the original source. If a post reports on
         | something found on another site, submit the latter._"
         | 
         | https://news.ycombinator.com/newsguidelines.html
        
         | packetslave wrote:
         | And here's the Facebook response from that same article that
         | you neglected to include:
         | 
         | "NSO is trying to distract from the facts Facebook and WhatsApp
         | filed in court over six months ago. Their attempt to avoid
         | responsibility includes inaccurate representations about both
         | their spyware and a discussion with people who work at
         | Facebook. Our lawsuit describes how NSO is responsible for
         | attacking over 100 human rights activists and journalists
         | around the world. NSO CEO Shalev Hulio has admitted his company
         | can attack devices without a user knowing and he can see who
         | has been targeted with Pegasus. We look forward to proving our
         | case against NSO in court and seeking accountability for their
         | actions," the statement from a Facebook spokesperson read.
        
           | catalogia wrote:
           | > _"NSO is trying to distract_
           | 
           | This seems to be a case of the pot calling the kettle black.
        
           | georgespencer wrote:
           | None of this seems to refute OP's comment.
        
           | mfer wrote:
           | 2 notes about the parent. 1) The parent is written by an
           | employee at Facebook and 2) it does not deny the claim
           | instead redirecting the reader's attention.
           | 
           | None of this makes the original claim true or false. I'll be
           | curious to see what comes to light around that. I just like
           | to notice these subtle things.
        
             | ksk wrote:
             | I work for neither, and the claim itself is vague, as it
             | lacks any technical facts.
             | 
             | "purported capabilities to monitor users" can mean anything
             | from full on CIA spy-mode with perma-enabling audio and
             | video and 24/7 recording to logging their IP address when
             | they visit a website.
        
               | twomoretime wrote:
               | Why should Facebook be doing any of that?
               | 
               | Even the best case outcome is negative here.
        
               | ksk wrote:
               | Sure, have any opinion you want as long as you base it on
               | facts, and respect others who don't agree with you.
        
               | HenryBemis wrote:
               | All I see is two snakes (FB, NSO) are fighting on which
               | one will eat the little white mouse (our privacy). I did
               | the article because there is always something to learn
               | even in the gutter.
        
           | ethanbond wrote:
           | "NSO is trying to distract from the facts [a whole lot of
           | irrelevant content]."
        
       ___________________________________________________________________
       (page generated 2020-04-03 23:00 UTC)