[HN Gopher] Facebook wanted NSO spyware to monitor users, NSO CE...
___________________________________________________________________
Facebook wanted NSO spyware to monitor users, NSO CEO claims
Author : clairity
Score : 149 points
Date : 2020-04-03 19:32 UTC (3 hours ago)

(HTM) web link (www.vice.com)

| notRobot wrote:
| I wish I could stop using WhatsApp. It's the only FB service I use, and because everyone else in my life relies on it, I can't just uninstall it and get away with it :(

| RileyJames wrote:
| Just keep trying! It took a long time, but I managed to move my whole direct family to signal.
|
| You will probably have to install it for them.
|
| Make a group chat.
|
| Use it regularly.
|
| But as it's basically the same functionality, you won't have to train them to use it. It's worth it.

| chrononaut wrote:
| You just have to start small, and eventually you might get there. It was like that for me with Signal. I was able to get a couple of my more willing close contacts to begin using it. After a couple months, another began using it, and eventually after two to three years the vast majority, most of whom I never tried convincing, are using the application actively.

| reaperducer wrote:
| Drop it and just go with e-mail, postal mail, phone calls, and SMS.
|
| I did, and found out who my real "friends" really are.

| [deleted]

| chance_state wrote:
| Talented engineers that spend their limited working years figuring out how to extract every last cent from every person on Earth should feel some shame.
|
| I wonder how harshly history will judge them (many of whom are on HN).

| thowayheyhey wrote:
| When FB news appears on HN I can't help but feel there's a curated tone/narrative. A mixture of "everyone's doing it" and "they clicked agree on the ToS" to "you should've known it would happen".
|
| Anyone want to take bets if FB runs sock-puppet accounts across the web? It'll be plausibly deniable and run thru a third party but still. Would anyone be surprised?

| fxtentacle wrote:
| Of course they do. I don't question the if, but I'm curious about the number...

| mirimir wrote:
| Maybe so.
|
| But doesn't HN scan for concerted behavior?

| jsjddbbwj wrote:
| Talented engineers that spend their limited time judging others because they disagree with their sense of morals should feel some shame.

| cantrevealname wrote:
| I'd like to suggest a fun project for Apple that might allow them to kill off this NSO malware: Apple should devote a few engineers to create honeypot iPhones that they could get into the hands of a few carefully chosen journalists and dissidents who would then "lose" their phones or allow the phones to be confiscated by governments or organizations who use NSO software. The objective is to get a copy of the NSO malware and figure out the exploit(s) they use.
|
| The honeypot phones would behave exactly like normal phones but save all incoming data at the lowest protocol layer (whether by wifi, cellular, Lightning connector, and maybe even in-circuit attempts to reflash firmware) to hidden internal terabyte microSD storage, which it would later exfiltrate back to Apple at some point --- perhaps by even having a second hidden cellular connection. I'm assuming that Apple has all the talent it needs to reverse engineer and plug the NSO malware once it has an actual copy of the malware.

| TrainedMonkey wrote:
| This is an interesting thought exercise, I am going to ask a few questions. Think about them and then decide if this is a good idea:
|
| 1. How big will the project be? I.E. what staff you need to develop AND deploy honeypot phones.
|
| 2. Who would decide targets?
|
| 3. What do you do with the data collected? Who enforces those rules?
|
| 4. How do you keep the project secret?
|
| 5. How do you prevent various 3 letter agencies from ordering you to deploy this technology for national security?
|
| 6. How do you protect Apple's reputation once it leaks out that there are secret phones that eavesdrop on you?
|
| A better long term strategy is to offer large bug/exploit bounties. This foils malware and builds trust in Apple platform.

| jacobush wrote:
| That would be a very offensive move. I like it. How will that kill off this malware though? Just by making it incrementally harder (might work!) or through something more fundamental I'm missing?

| cantrevealname wrote:
| > _How will that kill off this malware though?_
|
| I wouldn't be surprised if everything that NSO does depends on just one or two extremely good exploits. Once Apple rolls out an update to patch the one or two critical bugs, it'll stop NSO for a nice long time until they spend hundreds of man years or millions of dollars to find another exploit that's just as good.

| saagarjha wrote:
| I don't actually think it costs hundreds of man years to find these bugs at the moment.

| georgespencer wrote:
| > governments
|
| I'm sure you know this, but deliberately committing an act of espionage to directly or indirectly subvert the activities of government agencies would be a silly thing for Apple to try to do.
|
| Their dollars are better spent on lobbying (make shit like this illegal), and engineering (make shit like this literally not work because iPhone is as secure as it can be).

| Lammy wrote:
| You can see how important Onavo was to Facebook by the lengths they were willing to go to protect it, including the whole "distributing it to teens via enterprise cert" thing Apple slapped them down for. The data from Onavo is how they knew what up-and-coming competitors were popular, and allowed Facebook to buy them out before they could become fully established.

| georgespencer wrote:
| Not much surprises me about Facebook any more. The leadership is tone deaf.

| dhosek wrote:
| It seems their corporate motto, instead of the old Google, "Don't be evil" is "Be as evil as possible."

| georgespencer wrote:
| It's weird isn't it? I went through a period (personally) where I felt super misunderstood by people around me, and after a while I realised it was _me_ who was miscalibrated. I get the impression that FB feels the same, but without the capacity for self-reflection or desire to change. A shame because the Facebook platforms could be, if not a force for good, at the very least neutral. Instead it seems like every single thing they do is insidious.

| harumph wrote:
| Being tone-deaf would imply they're unable to understand other people's issues. Facebook actively seeks to track all of us for their financial gain, against the wishes of many of us.
|
| Facebook is actively malicious.

| ConsiderCrying wrote:
| I'm baffled that, even with the horrible rep Facebook has, they somehow decided to put "from Facebook" splash screens into both WhatsApp and Instagram. Why? What possible benefit could it have? Most people already know who owns the services but now anybody who opens the app is faced with it. If anything, it should just make people reluctant to use the apps, surely.

| brenden2 wrote:
| Many people don't realize that WhatsApp and Instagram are the same thing as Facebook. Facebook's brand is somewhat tarnished, and they want to polish it up with Instagram and WhatsApp (which have been less impacted by the bad press).

| jacobush wrote:
| I'd say most, at least not until the sticker appeared.

| reaperducer wrote:
| _What possible benefit could it have?_
|
| Perhaps stock price/awareness?
|
| The same way that lots of companies put their ticker symbol in their advertising, or the way local television news programs will put its parent company's ticker symbol in the closing graphics.

| blakesterz wrote:
| The original report is from Vice:
|
| https://www.vice.com/en_us/article/pke9k9/facebook-wanted-ns...
|
| "The Facebook representatives stated that Facebook was concerned that its method for gathering user data through Onavo Protect was less effective on Apple devices than on Android devices," the court filing reads. "The Facebook representatives also stated that Facebook wanted to use purported capabilities of Pegasus to monitor users on Apple devices and were willing to pay for the ability to monitor Onavo Protect users."

| dang wrote:
| Ok, we've changed the URL to that from https://appleinsider.com/articles/20/04/03/facebook-tried-to.... Thanks!
|
| "_Please submit the original source. If a post reports on something found on another site, submit the latter._"
|
| https://news.ycombinator.com/newsguidelines.html

| packetslave wrote:
| And here's the Facebook response from that same article that you neglected to include:
|
| "NSO is trying to distract from the facts Facebook and WhatsApp filed in court over six months ago. Their attempt to avoid responsibility includes inaccurate representations about both their spyware and a discussion with people who work at Facebook. Our lawsuit describes how NSO is responsible for attacking over 100 human rights activists and journalists around the world. NSO CEO Shalev Hulio has admitted his company can attack devices without a user knowing and he can see who has been targeted with Pegasus. We look forward to proving our case against NSO in court and seeking accountability for their actions," the statement from a Facebook spokesperson read.

| catalogia wrote:
| > _"NSO is trying to distract_
|
| This seems to be a case of the pot calling the kettle black.

| georgespencer wrote:
| None of this seems to refute OP's comment.

| mfer wrote:
| 2 notes about the parent. 1) The parent is written by an employee at Facebook and 2) it does not deny the claim instead redirecting the reader's attention.
|
| None of this makes the original claim true or false. I'll be curious to see what comes to light around that. I just like to notice these subtle things.

| ksk wrote:
| I work for neither, and the claim itself is vague, as it lacks any technical facts.
|
| "purported capabilities to monitor users" can mean anything from full on CIA spy-mode with pema-enabling audio and video and 24/7 recording to logging their IP address when they visit a website.

| twomoretime wrote:
| Why should Facebook be doing any of that?
|
| Even the best case outcome is negative here.

| ksk wrote:
| Sure, have any opinion you want as long as you base it on facts, and respect others who don't agree with you.

| HenryBemis wrote:
| All I see is two snakes (FB, NSO) are fighting on which one will eat the little white mouse (our privacy). I did the article because there is always some thing to learn even in the gutter.

| ethanbond wrote:
| "NSO is trying to distract from the facts [a whole lot of irrelevant content]."
___________________________________________________________________
(page generated 2020-04-03 23:00 UTC)