[HN Gopher] Amazon Shuts Down NSO Group Infrastructure
___________________________________________________________________
Amazon Shuts Down NSO Group Infrastructure
Author : fieryscribe
Score : 435 points
Date : 2021-07-19 13:48 UTC (9 hours ago)
(HTM) web link (www.vice.com)
(TXT) w3m dump (www.vice.com)
| giantg2 wrote:
| And cue a slew of CEOs in non-ESG friendly companies rethinking
| their AWS contracts...
| esens wrote:
| Anyone notice that this statement from NSO in the article doesn't
| make sense:
|
| "NSO does not operate its technology, does not collect, nor
| possesses, nor has any access to any kind of data of its
| customers."
|
| If this is true, how do we have a singular list of all phone
| numbers penetrated? If there was this type of "segmentation" or
| firewall between NSO and its clients, why was there this huge
| central data leak?
|
| NSO is tracking what its clients are doing. It may not be telling
| its clients it is also tracking them. I wouldn't be surprised if
| NSO could also access every one of those penetrated devices as
| well independently of its clients.
| ruggeri wrote:
| Thank you. I was trying to understand this myself.
|
| NSO seems to be trying to distance themselves from how its
| software is used by its "clients," but that seems undercut by
| the plausible supposition that NSO knows exactly who its
| clients' targets are.
| aritmo wrote:
| They are trying to claim that the service is so fully automated
| that it is the client that does the selection of the target.
| They claim that their system does not require any fine-tuning
| from their side, etc.
|
| And that's totally bullshit.
| [deleted]
| prox wrote:
| So the good old plausible deniability?
| hn8788 wrote:
| It could mean that NSO controls the infrastructure that manages
| the tool, but that they don't actually collect the data
| themselves. So what they said could technically be true if all
| they do is manage the infrastructure that enables their clients
| to do the collection of data.
| breakingcups wrote:
| How does that clear with "NSO does not operate its
| technology" though?
| esens wrote:
| But do they have access to the phone numbers that their
| customers are targeting? That seems by itself to contradict
| their statement ("nor has any access to any kind of data of
| its customers") right there.
|
| Something isn't adding up.
| hn8788 wrote:
| They could be lying, or they could just be trying to use
| weasel words. "Data" could be referring to collected data,
| and they consider phone numbers "metadata". I haven't been
| following the story though, so I don't know which is more
| likely.
| JumpCrisscross wrote:
| > _Something isn 't adding up_
|
| It's bullshit at best.
|
| If we assume they aren't lying, which is generous given
| their track record, it could be that they provide the tools
| and infrastructure to collect the data, but don't instruct
| the software to collect the data. Sort of like if I had a
| loaded gun and told you I would point and shoot it where
| you told me to, and then argued that I didn't technically
| make the decision. It's technically true and complete
| bullshit.
| lupire wrote:
| But then where did the list of numbers come from, if
| there is no "access"?
| srswtf123 wrote:
| Seems more likely they're lying.
| zzleeper wrote:
| Perhaps NSO Group should be considered a terrorism-aiding
| organization. Freeze its assets, track all their employees,
| backers, etc.
|
| Wonder if they are even helping to hack US government employees
| through China, etc. (besides just helping to torture dissidents).
| flyinglizard wrote:
| The biggest customers for these companies are Western
| governments. You're not going to take away their toys.
| igorzx31 wrote:
| Their biggest customers are middle eastern governments
| according to the WaPo article. US certainly has bought the
| software but it's mostly Saudi, UAE, Qatar, etc. US has NSA
| so they don't really need some software. Middle eastern
| powers dont have the same type of technical expertise to
| develop their own in-house.
| h1fra wrote:
| So should we consider the NSA a terrorism-aiding
| organization?
|
| edit: the tone is lost via internet; my own opinion on
| this: yes, it is.
| JumpCrisscross wrote:
| > _So should we considered the NSA a terrorism-aiding
| organization_
|
| This statement needs the "we" defined to be meaningful.
|
| If it is the U.S., then obviously no, the NSA is an arm
| of the state. If "we"` is _e.g._ China, probably no,
| because words have meanings and the arms of recognized
| foreign states don 't conduct terrorism, they do
| espionage and they do war. If "we" is a freshman dorm
| room, then, of course, the NSA is a terrorist
| organization alongside the student government.
| r00fus wrote:
| > If it is the U.S., then obviously no, the NSA is an arm
| of the state.
|
| Some here in the states don't exactly feel like the
| people running the USG have the people's best interests
| at heart. Common folk across countries probably have more
| in common with each other than with the ruling elite.
|
| State-sponsored terrorism is a thing - and has been for a
| LONG time. And US citizens are targets as well as non-
| citizens.
| vmception wrote:
| It requires indoctrination to believe the US as an
| aggregate sovereign brand functions with the interest of
| US people in mind.
|
| Nothing about US foreign policy suggests that. Very
| little about the Federal government's domestic policy
| does.
| dragonwriter wrote:
| > > So should we considered the NSA a terrorism-aiding
| organization
|
| > If it is the U.S., then obviously no, the NSA is an arm
| of the state.
|
| Its perhaps worth noting that "terrorism" originally
| exclusively denoted action by the State against its own
| subjects, though it was within a few years expanded to
| include other activities.
| JumpCrisscross wrote:
| > _"terrorism" originally exclusively denoted action by
| the State against its own subjects_
|
| Correct, in the French Revolution, I believe. There are a
| variety of definitions of terrorism. The common elements
| seem to be the (a) peacetime use (b) of violence (c)
| against non-combatants (d) as a political tool. There
| also seems to be an unspoken requirement that it occurred
| after the formation of modern states (otherwise almost
| all of the preceding human history was terrorism and the
| word gets normalized); the French Revolution is a useful
| line.
|
| The NSA targets non-combatants (c) in peacetime (a). It
| does not use violence (b), though it does enable it ( 1/3
| b). It does not do so for domestic political aims (to any
| proven degree); the degree to which it does so abroad
| depends on where one draws the line between politics and
| geopolitics. (The CIA, in contrast, engages in all four
| overseas.)
|
| When an organization that has done terrorism becomes a
| terrorist organization is another question.
| vmception wrote:
| Okay that settles it, the word terrorism has so many
| conflicting and overlapping contexts that it is useless
| tomrod wrote:
| There is a community on reddit called "self-aware wolves"
| that narrowly identifies a much broader phenomenon: there
| are many elements of modern society which are generally
| tolerated but not morally permissible. This is a
| representative instance.
| beebeepka wrote:
| Yes, we should
| ashtonkem wrote:
| Yes. We should.
| bobthechef wrote:
| Does terrorizing citizens through illegal spying and mass
| surveillance constitute _terrorism_? Or does only setting
| off bombs in public spaces count?
| ashtonkem wrote:
| Terrorism _aiding_ , they said.
| PeterisP wrote:
| There would need to be some actual violence involved to
| constitute terrorism. If you spy on some journalist and
| then us that info to catch him and cut him in pieces
| while he's still alive, then the dismemberment may be
| considered terrorism and the spying was aiding that
| terrorism; if you spy on many people and the end result
| is just that some officers laugh about their naked photos
| or deny them jobs or disallow crossing borders, then
| that's just "ordinary" mass surveillance with no
| relationship to terrorism.
| throwaway210222 wrote:
| Once you too have had the misfortune of a bomb going off
| near your family, you will know the answer.
| blackearl wrote:
| Is this supposed to be some kind of "gotcha"? Both are
| despicable.
| whymauri wrote:
| Exactly, lol. Not sure if the GP comment is trying to
| imply some sort of good comes out of the NSA.
| freeflight wrote:
| There comes good out of the NSA, at least good for the US
| like stealing IP and patents for American companies [0]
|
| [0] https://en.wikipedia.org/wiki/ECHELON#Examples_of_ind
| ustrial...
| flyinglizard wrote:
| 1. There are many, many more Western countries other than
| the US.
|
| 2. Even if they develop their own tools and research their
| exploits, using NSO provides a layer of plausible
| deniability and hiding behind someone else's fingerprint
| (think about the command and control servers, for example).
|
| 3. Even if they develop their own stuff, most governments
| have multiple arms which can use these tools (think about
| FBI, CIA, NSA, various military intelligence branches), and
| they tend not to share between them. This makes smaller
| government branches which don't have the resources and
| expertise of the others (think DEA, ATF...) buy from 3rd
| parties.
|
| 4. Zero days are a scarce resource, if I ran an agency I'd
| rather use someone else's every day and keep my own just
| for the special stuff.
|
| In summary, it's exceedingly appealing for bodies like the
| Dutch police to use NSO tools and NSO's association with
| the Saudis and other provides a convenient masking to their
| operations.
| input_sh wrote:
| Western governments mostly make their own. Other with less
| resources buy off-the-shelf products.
| bakuninsbart wrote:
| The Israeli government classified Pegasus, the software by NSO
| currently in the news, as a weapon, thus restricting its
| exports.
|
| If you look at the list of customers, it quickly becomes clear
| that they are the same organizations that make the laws.
| AtlasBarfed wrote:
| "same organizations that make the laws"
|
| More importantly, they are the ones that decide what laws are
| enforced.
|
| What is sad is that in America, the law around surveillance
| and security is largely a nice marketing campaign. Sure, you
| have rights that protect you from the government.
|
| But practically speaking the government won't enforce them,
| doesn't stop its employees from abusing them even for
| personal drama, undermines or stops dead any lawsuits by
| saying the discovery is impossible due to "national
| security", or will invent terms like "enemy combatant" and
| then apply them to its own citizens to bypass even the
| constitution. It will setup "oversight courts" that
| rubberstamp everything and have no real power or regulatory
| function/safeguard.
|
| The result of this is that each presidential election is
| becoming truly dangerous to the opposition. If a McCarthyism
| movement takes over either party that's in power with the
| modern surveillance infrastructure, legal "precedents"
| established by Bush in the war on terror, the confirmation of
| those powers by the Obama administration holding onto them
| and continuing funding of infrastructure, undermining of
| judicial powers, rote acceptance by the people at large, and
| propaganda outlets available to push messaging, and huge
| amounts of institutional mores and standards thrown out in
| the Trump administration, the opposition has real motivation
| to feel an existential threat.
| kdkdkdkdk wrote:
| You should realize that in the US, conservatism is the
| opposition (since conservatives have no media power, no
| power in academia, no power in HR, and have lost the House,
| the Presidency, the Senate, and the Joint Chiefs of staff
| despite electing a president who spent four years trying to
| reduce the effect of entrenched ideologically driven
| bureaucrats ("drain the swamp"), he failed to do so, and
| was destroyed for his effort by the same interests he was
| elected to oppose)
|
| If you don't understand this perspective -- I'm not asking
| you to agree with it, only to approach it with an open mind
| -- this viral thread on Twitter explains it better than I
| can
|
| https://mobile.twitter.com/martyrmade/status/14131651689560
| 8...
| JumpCrisscross wrote:
| > _If you look at the list of customers, it quickly becomes
| clear that they are the same organizations that make the
| laws_
|
| Israel's unicameral, sovereign, supreme state body, the
| Knesset [1]?
|
| [1] https://en.wikipedia.org/wiki/Knesset
| lupire wrote:
| no, its customers are _foreign_ governments. its world
| governments against world people, not nation vs nation.
| ashtonkem wrote:
| "State backed terrorist group" is a classification that
| exists, although it's highly unlikely to be used here for
| obvious reasons.
| sorokod wrote:
| From an radio interview with NSO spokesman ( an ex spokesman
| for the IDF ), all sales require the Israeli MoD approval.
| vmception wrote:
| Is that more of a notification form or an actual
| collaborator process with a tribunal?
| azernik wrote:
| The Ministry of Defense has a strong inclination to
| approve any such requests. It's a hassle for the company
| in question, but the system is set up to encourage inflow
| of foreign capital to build up and maintain the defense
| industry.
| secfirstmd wrote:
| Also great opportunities for backdoor access...
| sorokod wrote:
| In the same interview the spokesman said that some
| companies choose to avoid it by operating from offices
| outside of Israel (Bulgaria and Cyprus were mentioned).
| This seems to imply that the process is burdensome.
| vmception wrote:
| Burdensome could be as simple as there being some
| transparency in a completely simple notification process.
| Doesn't tell much.
|
| Sometimes I avoid listing directors of a new corporation
| by forming an LLC and privately filing with the IRS to
| treat it as a C-Corp
|
| Doesn't mean the regulations were tough, but still
| burdensome in some small way
| q1w2 wrote:
| The intelligence community ties between the US and Israel - and
| the private security companies is so tight, that there is no
| way this doesn't link back to the US gov't.
|
| "five eyes" is nothing compared to the level of cooperation
| between the US and Israel on cybersecurity.
|
| One of the very first things I noticed when I started in
| cybersecurity was the prevalence of Israeli accents.
| m3kw9 wrote:
| I wonder if Amazon kept a copy of all their images?
| fjtktkgnfnr wrote:
| Given how much care they took not to write the payloads to the
| phone storage, presumably they took the same care not writing
| it to server storage on cloud hardware.
| sneak wrote:
| I am willing to bet money that NSO Group has multiple AWS
| accounts, many under several layers of cover.
|
| You can't really spin them up with any significant quota on short
| notice (ask me how I know, AWS service team) so having
| established ones with workable limits in advance across multiple
| cloud providers would be table stakes for any competent spying
| organization.
| duxup wrote:
| I'm sure that applies to most every service as far as bad guys
| operating covertly.
|
| I've no problem with AWS or anyone playing whack-a-mole and
| giving them the run around in the meantime ...
| confiq wrote:
| https://www.digitalviolence.org/
|
| It kinda describes how NGO operated and it's great infographic!
| [deleted]
| CTDOCodebases wrote:
| WTF? Wasn't it the NSO that hacked Bezos's and Khashoggi's phone?
|
| I guess the customer is always right up until the point the widow
| of your murdered employee goes to the press.
| polar wrote:
| > Bezos
|
| Bezos' phone probably wasn't hacked.
|
| https://www.bloomberg.com/news/features/2021-05-05/how-jeff-...
| s_dev wrote:
| https://www.wired.com/story/bezos-phone-hack-mbs-saudi-
| arabi...
| tedunangst wrote:
| Why would you post an article from Jan 2020 as a rebuttal
| to an article from May 2021?
| s_dev wrote:
| Can anyone read your URL since it's behind a paywall?
| jazzyjackson wrote:
| Bloomberg don't want me to know (paywalled)
| sofixa wrote:
| Didn't Bloomberg ruin their tech reputation with the still-
| unproven (years later) and probably baseless claims of nano
| chips planted in the supply chain of Supermicro ?
| perl4ever wrote:
| People keep asking that. Seems like every few weeks for
| however long it's been, I see a comment like yours.
|
| I haven't seen anyone mention what news source meets the
| standard of never having published an article with
| insufficient evidence according to one or more people on
| the internet.
|
| I mean, obviously not the NY Times, for instance, right?
| sofixa wrote:
| A good news source would retract their initial article(s)
| when experts debunked them and _nobody_ could
| corroborate, not double down with even less evidence.
| perl4ever wrote:
| It's notoriously hard to prove a negative.
|
| But what I'd really like to know is who is a "good news
| source" in contrast to Bloomberg.
|
| If one doubtful article discredits an entire
| organization, it's pretty astounding to me anyone worth
| trusting can exist. The Daily Mail?
| ashtonkem wrote:
| Good. Every single person employed by them should also find
| themselves shut out of the industry for life.
| salimmadjd wrote:
| Frontline (PBS)in partnership with Forbidden Stories are doing a
| report [1] on NSO hacking the phone of Khashoggi's fiance and
| other journalist and activists around the world. Looks like her
| phone was compromised by NSO based on the reporting on this
| video.
|
| [1] https://www.pbs.org/wgbh/frontline/article/how-nso-group-
| peg...
| sloshnmosh wrote:
| I contacted Amazon to report an advertiser out of Tel Aviv that
| was using JavaScript hosted on CloudFront to fingerprint user's
| devices and if an Android device was detected a fake media player
| or fake CAPTCHA would trick user's into accepting push
| notifications for fake virus warnings to install questionable
| apps from the Play Store.
|
| This script also pushed ads for a fake AdBlock app that was a
| dropper for banking trojan apps.
|
| Amazon refused to do anything about it.
|
| More info:
|
| https://forum.xda-developers.com/t/massive-mobile-advertisin...
| jjoonathan wrote:
| It feels like this is more a result of Amazon not being able to
| connect you with the right escalation path to verify & act on
| these claims than a considered decision to ignore them.
|
| Does anyone here know what an individual reporter should do? Is
| there an escalation ramp that exists but was so poorly marked
| that neither sloshnmosh nor Amazon support was able to find it?
| Does the ramp go through other organizations (e.g. report to
| CERT or some other org first and come back with a case ID)?
| Does the ramp not exist and need to be built?
| bbarnett wrote:
| _It feels like this is more a result of Amazon not being able
| to connect you with the right escalation path to verify & act
| on these claims than a considered decision to ignore them._
|
| Those two things are actually the same thing, both are
| wilfully ignoring situations like this.
| seanmcdirmid wrote:
| Never assume malice where ignorance and incompetence would
| suffice instead. Those two things are actually not the same
| thing at all, depending on how you define "willful."
| atatatat wrote:
| Never assume ignorance where a scumbag can take new
| default level of societal ignorance and hide behind
| it....
| csharptwdec19 wrote:
| It's malice but from a different aspect; willful malice
| in the name of 'cost cutting'.
| xyzzy123 wrote:
| How many FTEs should they have dedicated to triaging
| security complaints from (relatively speaking) randos on
| the Internet about their customers?
|
| Also, would you take that job?
|
| Some poor support person probably got this and punted
| because they couldn't pattern match to something in their
| handbook.
|
| For every thoughtful, detailed security report there are
| about 500 others that involve voices from appliances,
| self-xss, csrf on logout and 5G coronavirus. It is
| extremely difficult for L1 support to make sense of
| these. Having a support contract or attracting attention
| on the forums are decent ways to pop out from the
| background noise.
| blacksmith_tb wrote:
| Not to worry, they'll replace their overworked human
| staff with sentiment analysis bots which will do an
| equally uneven job of sorting the wheat from the chaff,
| with even less hope of appeal.
| [deleted]
| Forbo wrote:
| Never assume ignorance where greed would suffice.
| wolverine876 wrote:
| Amazon could do it if they wished; they don't want to.
| twirlock wrote:
| How about never assume ignorance when you're dealing with
| a giant corporation's systemic problem that the giant
| corporation benefits from ignoring.
| toss1 wrote:
| Yes, that is a good summary of Hanlon's Razor, a sort of
| corollary to Occam's Razor about mot creating unnecessary
| entities in your conceptual models.
|
| Hanlon's Razor is a good first approximation or initial
| approach to a situation, not the end of the discussion.
| There are many situations where incompetence may appear
| to be an explanation, but is in fact not the root cause,
| and may even be being actively used as a cover for
| malicious actions.
|
| The point of the razor is that it is up to us to sort out
| the difference, not to just jump to a conclusion that it
| is malice, or that it is incompetence.
|
| In this case, Amazon has had plenty of time, resources,
| and skilled people to see the need and implement an
| escalation & resolution pathway. That they have so
| persistently failed to do so for so long indicates a
| cause beyond mere incompetence. Even if they are not
| being as actively malicious as the malware distributors,
| they clearly and actively DGAF.
| seanmcdirmid wrote:
| > That they have so persistently failed to do so for so
| long indicates a cause beyond mere incompetence.
|
| So you are claiming that they have had so many
| opportunities to do the right thing, that they aren't
| merely incompetent, but are in bed with the evil doers?
| That would be a huge claim, to say the least.
| duxup wrote:
| They can be very different things.
|
| Poor communication channels happen even when folks don't
| want it to. Humans are bad at doing such things.
| adreamingsoul wrote:
| The AWS forums are going to be the best way to start a
| discussion with people who can escalate.
| londons_explore wrote:
| Doesn't cloudfront generally act like cloudflare? Ie. We
| don't inspect your content. Law enforcement are the only
| people who can stop us hosting a site.
| stevenicr wrote:
| clouflare stopped being like that long ago. they publicly
| posted that they will take down stuff they makes the ceo
| worry, and they will inspect what your users are
| reading/sharing - and notify agencies with powers and guns
| when they find stuff from now/then on.
|
| - no longer a dumb pipe, no longer neutral, actually active
| in directing law enforcement to take you down and possibly
| take people out.
| jorvi wrote:
| Cloudflare has taken voluntary action on sites 2 (or 3?)
| times now. They can no longer claim complete neutrality. I
| don't know about Cloudfront.
| 0xbadcafebee wrote:
| It has nothing to do with "neutrality", they have Terms
| of Service like every single service provider in the
| world. If you violate them, there goes your infra.
| Spreading malware is almost certainly a violation of AWS'
| ToS (Amazon engs, correct me if needed)
| meowface wrote:
| It's a little more complicated than that in Cloudflare's
| case. The debate isn't really relevant to AWS/CloudFront
| or anyone else, but Cloudflare has famously had a policy
| of not kicking off any customers as long as they abide by
| US law. The CEO publicly identifies as a free speech
| absolutist. (Malware/phishing/etc. is still removed,
| since it's illegal.)
|
| The CEO publicly broke their policy on this on two
| occasions: the neo-Nazi website The Daily Stormer, and
| 8chan. In each case, only after a long saga played out.
|
| For The Daily Stormer: after they mocked the deceased
| victim of the Charlottesville rally, Cloudflare received
| public pressure to boot them but refused, and then the
| owner subsequently tried to troll them/the public by
| claiming Cloudflare executives secretly supported their
| ideology, causing them to finally be removed.
| (https://blog.cloudflare.com/why-we-terminated-daily-
| stormer/ )
|
| For 8chan: Cloudflare received a lot of heat for not
| removing them after the first and second incidents of
| posters becoming mass shooters, eventually removing them
| after the third mass shooting.
| (https://blog.cloudflare.com/terminating-service-
| for-8chan/)
|
| I forget the term/aphorism for this (like "double-bind",
| sort of), but they put themselves in an awkward position
| because they're probably one of the most neutral service
| providers out there - still far more than probably anyone
| else to this day - but by marketing themselves as 100%
| neutral, being only 99.99999% neutral created lots of
| lasting negative PR that people still regularly bring up.
|
| Any other company would've kicked those people off way
| sooner and there would've been little to no publicity,
| because they routinely do such things, but now Cloudflare
| is hated by both the pro-censorship and the anti-
| censorship crowd. (See:
| https://en.wikipedia.org/wiki/Cloudflare#Mass_Shootings
| and everything below. It's quite a rollercoaster.)
| ignoramous wrote:
| If you violate policy (of which there are likely many
| varied yet incontestable interpretations), AWS pulls the
| rug out from under you faster than one can say "neutral".
| That's excluding they do not _make_ newer policies on-
| the-fly.
|
| Ex A: https://signal.org/blog/looking-back-on-the-front/
| LoveLeadAcid wrote:
| Nah, Amazon has a cozy relationship with intelligence
| agencies (CIA, for instance, uses Amazon for cloud services)
| and they probably don't want to step on any dangerous toes or
| lose money and business.
| berto4 wrote:
| always a narrative/explanation...right on
| Kiro wrote:
| It's always the other way around. A company can never do
| anything right. HN will always find an ulterior motive.
| jjoonathan wrote:
| If there _is_ no escalation path, that 's a big problem,
| and nobody here is pretending otherwise.
| squarefoot wrote:
| That NSO Group infrastructure was burned, the one you reported
| (still) isn't.
| reaperducer wrote:
| _Amazon refused to do anything about it._
|
| Actually "refused" to do anything about it, or didn't respond
| to you?
| Scoundreller wrote:
| I've had government agencies claim it's not a
| refusal/rejection if they refuse at the moment and claim you
| _might_ (with no guarantee) have success if you try later.
|
| I call it a "constructive refusal".
| smokelegend wrote:
| i.e. "differed success"
| ericbarrett wrote:
| Did they reply in the negative or just not respond?
| achow wrote:
| How does it matter?
|
| No response is a response and in this kind of situation it is
| explicit "I will not do anything and I'm dishonest enough to
| not acknowledge that.".
| jabberwik wrote:
| To me, a negative response says "We have evaluated our
| policy and decided that we will not stop this." A non-
| response says "A frontline agent didn't know how to make a
| call on a non-downtime ticket from a non-customer so now
| it's in a bureaucratic black hole and nobody has actually
| read your email and probably never will." Which is still
| crappy, but not really malicious in the same way.
| ericbarrett wrote:
| I was curious, not being cynical toward sloshnmosh. Much
| can be inferred from Amazon's choice of reply.
| TechBro8615 wrote:
| I wouldn't be so quick to rush into a future where Amazon
| takedowns are as easy as YouTube DMCA requests.
| dpifke wrote:
| In the meantime, Google and Amazon simply ignore all
| complaints about spam originating from their networks.
|
| In the olden days of the internet, ISPs that ignored abuse
| complaints would be blocked by their peers. Now that Gmail
| and AWS are too big to block, they act with impunity.
| JumpCrisscross wrote:
| > _In the meantime, Google and Amazon simply ignore all
| complaints about spam originating from their networks_
|
| How did we get to equating selling tools for murdering
| journalists to spam in just three comments?
| dpifke wrote:
| I don't see where anyone in this thread said that the two
| are equivalent?
|
| Amazon (and others') pervasive shitty handling of non-
| DMCA abuse reports seems relevant, however.
| giantg2 wrote:
| It doesn't really matter how difficult it is. What this
| demonstrates is that AWS is not a public utility and will be
| swayed by mob rule to take down companies that are no longer
| "acceptable".
| DSingularity wrote:
| Yes! Let's stay in a present where Israeli hackers-for-hire
| can help dictatorships capture and murder dissidents.
|
| At a minimum we should demand transparency and accountability
| from all of these scale-enabling organizations.
| ben_w wrote:
| Obviously I am not in favour of that either.
|
| Making takedowns automatic on any user report means the
| dictators take down the apps of the dissidents.
|
| In the absence of AI that would necessarily have to be good
| enough to also radically change society and the economy,
| the only solution I can even think of is a big increase in
| funding for the policing of apps. Who exactly would fund
| that? Governments would want to use such powers to pursue
| their own agendas, while Big Tech taking a proportion of
| App Store income is already being called "[Apple|Google]
| tax".
| jjice wrote:
| Given two sides of a spectrum, one will take that one that
| aids their argument most. We need a healthy middle, like
| most cases.
| hef19898 wrote:
| I guess your founder and CEO being victim of something
| similar helps in these decisions. Or not.
| [deleted]
| mrits wrote:
| I wish we could just go back to the pre amazon days where
| we didn't have problems in the middle east
| kjaftaedi wrote:
| One would hope Amazon is capable of having a reasonable terms
| of service and enforcing it without the need for government
| intervention.
| TechBro8615 wrote:
| Sure, but the OP was an anecdote about an _individual_ that
| requested Amazon to cease rendering services to a third
| party. No government was involved.
| [deleted]
| justinclift wrote:
| Ouch.
|
| > The Amnesty report said NSO is also using services from other
| companies such as Digital Ocean, OVH, and Linode ...
|
| We've been using Digital Ocean for a few years now
| (sqlitebrowser.org), and they've been really good. Hopefully they
| look into this and take some useful action. :)
| neom wrote:
| It's "DigitalOcean" - sorry to be pedantic, it drives me
| absolutely nuts when people put a space between, especially
| publications.
| LoveLeadAcid wrote:
| I call it an iPad and an iPhone, not iPad and iPhone like
| Apple wants me to.
| apercu wrote:
| Thanks for this. I needed a chuckle.
| syspec wrote:
| Careful of the Streisand effect.
| lokedhs wrote:
| There is another point if view, and that is that corporate
| marketing should not take precedence over correct use of
| language.
|
| Some languages tend to be more strict about this. I think
| it's particularly common to see English play fast and loose
| with the language compared to other languages.
|
| In Sweden, for example you will see media write Iphone,
| because it's a name, and names are capitalised.
|
| The same goes for Digital Ocean, or Digitalocean if you
| prefer. It can definitely be argued fairly that the writer
| does not have to break language conventions just because a
| company says they have to.
| unfunco wrote:
| Another point of view: DigitalOcean.com works but Digital
| Ocean.com does not.
| gambiting wrote:
| You can actually flip that argument on its head - that
| maybe Digital Ocean was intended,but because a URL cannot
| contain a space, we ended up with a space-less version.
| [deleted]
| lupire wrote:
| In English,
|
| Also, Marty McFly is not Marty Mc Fly or McFly. Internal
| capital letters are OK.
| cinntaile wrote:
| The media in Sweden use both by the looks of it. They do
| that for IKEA as well but it doesn't really make sense imo
| since it's an abbreviation of names. Both are made up
| language constraints anyway so I don't really see why the
| typographic rules of a language are more important than the
| equally artificial typographic rules of a company name.
| lokedhs wrote:
| You will definitely see both. You'll see things like
| Iphone being written by media sources that pride
| themselves on good writing, such as Dagens Nyheter.
|
| If you go to https://sv.wikipedia.org/wiki/Ikea the first
| sentence can be translated to English as: "Ikea Group,
| written by the company as IKEA Group, is a multi-national
| furniture company founded in 1943 by Ingvar Kamprad"
|
| Words such as TV started out in upper case because it's
| an acronym, but once it becomes a normal word, it's
| written in lower case.
| cinntaile wrote:
| They still write Iphone X, why not Iphone x? or Iphone
| 10? or Iphone tio? Roman numerals aren't really a part of
| the Swedish language after all. They write IOS or iOS,
| why not Ios? Is this not a normal enough word? It's just
| artificial rules replaced by a different set of
| artificial rules. Why not just use what everyone else
| uses, haha.
|
| A bit of a meta discussion in a thread totally unrelated
| to this, sorry about that.
| lokedhs wrote:
| I think we're drifting away from the original point,
| which is about not letting corporate marketing
| departments decide how the written language should work.
| I used Swedish as an example of a language where this is
| a more firm rule than English, but Swedish is certainly
| not alone. It just happens to be the language I know
| best.
|
| But, I do find the topic of Swedish writing standard to
| be interesting, so I'll be happy to do my best in
| responding to your questions, even though I'm not
| formally a linguist (although I was raised among them)
|
| With regards to your question, I'd write Ios, because
| it's not an acronym and I do believe that I'm not alone
| in this. About the version number, I find at least one
| case of the use of Ios 10 at Svenska Dagbladet:
| https://www.svd.se/apple-har-atgardat-problem-med-
| ios-10/om/...
|
| However, it seems to be highly inconsistent, and this is
| probably caused by these organisations saving money on
| proof readers.
| midev wrote:
| > which is about not letting corporate marketing
| departments decide how the written language should work
|
| Why do you keep repeating this? You say you were raised
| among linguists, but you're getting the most basic tenant
| of linguistics wrong. There is no such thing as "correct"
| language.
|
| But more to the point, language allows you to write
| proper names as though they are registered or defined. It
| is not incorrect to spell it DigitalOcean, because that's
| the registered name.
|
| If my name was JoeBob, you don't get to split up my name
| just because you think English requires it.
| [deleted]
| wpietri wrote:
| Exactly. Language is for all its users. I can insist that
| my name be rendered only in 14.5 pt Comic Sans colored with
| Pantone 19-3336 ("Sparkling Grape"). But people get to
| decide for themselves how they're going to speak and write.
| Corporate branding guidelines constrain only their
| employees and people who want to curry favor with them.
| Everybody else can do as they please.
| midev wrote:
| > Corporate branding guidelines constrain only their
| employees and people who want to curry favor with them.
| Everybody else can do as they please
|
| What a weird take on why you should spell a company name
| correctly.
|
| Correct, nobody is going to put you in jail for
| misspelling Digital Ocean. You can do as you please. But
| everyone else is going to think you don't know what
| you're talking about if you can't even get their name
| correct.
| toss1 wrote:
| Good point that everyone else can do as they please.
|
| Moreover, this can be a big problem for the corps, and it
| is up to the Corp to protect their trademark and prevent
| everyone from doing quite as much as they please.
|
| If people start using a trademark as a generic term too
| much, the trademark can be lost. There are legions of
| examples, starting with aspirin, escalator, dumpster,
| etc. [1]. So, they try to insist that it be used only the
| (TM) or as "Acme Brand widgets". It would not surprise me
| to see Google end with the same fate.
|
| [1] Lexology: Death of a Trademark: Genericide. https://w
| ww.lexology.com/library/detail.aspx?g=5027217f-1db2...
| midev wrote:
| > There is another point if view, and that is that
| corporate marketing should not take precedence over correct
| use of language.
|
| There is no such thing as correct use of language. That
| being said, you should spell proper names as they are
| registered. It's iPhone, not Iphone.
|
| > It can definitely be argued fairly that the writer does
| not have to break language conventions just because a
| company says they have to.
|
| Language convention is to spell the name as the company as
| it is registered. You wouldn't change someone's last name
| because it didn't follow some other, slightly related
| convention...
|
| https://english.stackexchange.com/questions/38827/how-to-
| wri...
| dylan604 wrote:
| My pet peeve is publications spelling NASA as Nasa. They've
| come up with some story to explain their decision that sounds
| just as bad as some of the lies Walter White told. I don't
| care how ubiquitous NASA maybe, it is and always will be an
| acronym. I accept removing the dots so it's not N.A.S.A., but
| I will only accept Nasa as a formal name if that's the name
| of a person.
| FactolSarin wrote:
| How do you feel about "scuba" or "laser?" Acronyms that are
| pronounced like they're spelled (eg, Nasa, gif, taser) tend
| to end up being spelled like words sooner or later instead
| of being in all caps.
| dylan604 wrote:
| Personally, I don't write SCUBA or scuba, as it's just
| not part of my day to day conversation, but I would go
| with SCUBA. Also, it's never just laser or LASER, it's
| friggin LASER!!! Pew Pew!
| jumelles wrote:
| It's a British/American English difference.
| Bayart wrote:
| Allow me some pedantry as well : if people consistently make
| the same mistake with the name of a product, is the problem
| with people or the name ?
|
| As lokedhs alluded, it clearly breaks established typographic
| rules.
| detritus wrote:
| I see you 'helped build' Digital Ocean, so I can understand
| your personal reasoning, but really - it's not at all
| important to anyone else.
|
| Also, wasn't that a bit of a fad back in the late 90s early
| 00s? I know my wee business followed the path of
| concatenating words for brand ...something... , but I
| honestly couldn't care less how other people deploy it in
| their own space, as long as they remember the name.
| neom wrote:
| Of course, some people might choose to reply "Oh I see you
| worked on DigitalOcean! Funny people care about something
| like that, but given another human does, I'll respect
| that!" Some might chose to reply "I can do whatever I want,
| I don't really care what you think" - people can choose how
| they react. It's always very interesting to me who choses
| what, it's very telling regarding personality. I am well
| aware people are welcome to do as they please,
| nevertheless, the name of the company is "DigitalOcean" not
| "Digital Ocean".
| detritus wrote:
| Reading my response back now, I didn't mean to sound
| cynical or abrasive when I quoted 'helped build' from
| your profile.
|
| I could have as easily said "I see you were involved
| in.." or whatever and that would not have sounded snarky.
|
| Honestly though, I didn't think it through that much, I
| just literally quoted what I saw. Just in case you
| thought that was where I was coming from!
|
| </reddit>
| bob1029 wrote:
| > sqlitebrowser.org
|
| Everyone at my company loves your tool. Please keep up the
| great work!
| wila wrote:
| Thanks for working on sqlitebrowser!
| TravelPiglet wrote:
| Purged my account at DO now. Sad that companies like DO care
| more about money than a free society
| walrus01 wrote:
| I have to say I'm not surprised that NSO and similar entities
| are using any CDN/large-scale hosting company they can find.
| The bigger the better, and spreading their stuff around as
| widely as possible with as much obfuscation in server purpose
| as possible. Such things are impossible or problematic to
| block/null-route without breaking many other things hosted at
| same AS.
| Scoundreller wrote:
| Which is a sad state of affairs.
|
| Want to run a service with few problems? Here are the 6
| companies you better run it through otherwise you can't
| guarantee anything.
| [deleted]
| coldcode wrote:
| If someone were to use NSO paid hacking to attack Apple
| executives's devices and then release everything they found, I
| bet Apple might take this more seriously instead of having some
| PR flack write marketing copy. Same is true of any tech company:
| until it hurts them specifically they can just ignore it or make
| it sound innocuous. Maybe Amazon has been targeted and they found
| out.
|
| If someone were to use it against US government entities, maybe
| the NSA/CIA/etc might decide enough is enough, no matter what
| country they are in. So far at least publicly it seems like a
| non-event. But once the phone numbers are identified from that
| leaked list, things might become more serious for NSO.
|
| People used to fight real wars against adversaries who targeted
| their country in some way, why should commercial entities
| supporting such attacks not be treated the same, except via non
| military action? Spying has always been done, but it can lead to
| serious consequences.
| JumpCrisscross wrote:
| > _Apple might take this more seriously instead of having some
| PR flack write marketing copy_
|
| What are they supposed to do?
| kilroy123 wrote:
| Take security a lot more serious than they currently do.
| They've had some seriously embarrassing security holes in
| their software the last few years.
|
| Also, they could increase the payout for their bug bounty.
| Why report to apple for a 0-day when you can make $1 million
| from these guys? It's not like Apple doesn't have the cash.
| adventured wrote:
| > Take security a lot more serious than they currently do.
|
| That statement doesn't mean much. How do you know they're
| not taking it seriously enough and still struggling with
| the enormity of the problem regardless? You could always
| claim any entity isn't taking security serious enough.
|
| The alternative explanation makes a lot more sense:
| security is extremely difficult at Apple's scale, serving a
| billion consumers with complex and essentially always-
| connected electronic devices (not to mention their huge
| services business now). Devices that also happen to be one
| of the single most important attack points that there is.
| ramraj07 wrote:
| Then why not increase the bounty? What are they possibly
| going to loose? What's a few million for a company that
| makes hundreds of billions a quarter?
|
| If you're gonna say there will be a flood of zero days
| that the cost will add up that also doesn't support their
| security seriousness.
| badkitty99 wrote:
| They could attempt to slow down the ad-ridden stupidity
| train they have everyone riding on, believing there is no
| such thing as iphone security tools besides the steaming
| iOs UpDaTeS
| fjtktkgnfnr wrote:
| > _If someone were to use NSO paid hacking to attack Apple
| executives 's devices and then release everything they found, I
| bet Apple might take this more seriously instead of having some
| PR flack write marketing copy._
|
| That's not why Apple is skittish about this. Any action from
| them would invite the question "What about China?". And Apple
| loves China('s money).
| ed25519FUUU wrote:
| Everybody is coming down on NSO but why aren't we asking more
| about the clients?
|
| Who is spying on "CEOs, politicians, religious leaders, union
| bosses"? And once these people are compromised, what are they
| being asked to do?
| dredmorbius wrote:
| NSO (and its infrastructure) are the vulnerable single point of
| control. That's in fact part of the service they're offering,
| whether they realise it or not: outsourcing blame, exposure,
| culpability, and liability. Something like how a re-entering
| spacecraft is fitted with a sacraficial ablative heat shield.
| The shield's job is to absorb punishment, often destroying
| itself in the process, protecting the more valuable payload.
|
| The problem with this model is that NSO are, as with heat
| shields, replaceable. A new target will appear to take its
| place.
|
| But that too will draw attention, it will have to assemble
| talent (leadership, engineering, sales, operations), and will
| itself have vulnerabilities. As I suggested in a thread
| yesterday, playing in the field of dirty ops raises prospects
| for piercing the corporate shield of liability for all those
| involved: the firm, its personnel, investors, creditors,
| suppliers, and where identifiable, clients.
| Spooky23 wrote:
| Shouldn't there be an outcry against the suppression of free
| speech?
|
| When Facebook or Google blocks extremist propaganda, it's a big
| thing. What jurisdiction's laws were broken by this company?
| theshadowknows wrote:
| I dunno. NSO group is extremely capable. I know a lot of folks
| go back and forth on the "if you don't want X vendor to shut
| you down then go build it yourself" and for various reasons.
| But in the case of NSO group I feel like AWS cutting them off
| is probably more of an annoyance than anything else. They're
| gonna be ok.
| Leparamour wrote:
| Possible. But they rely on the infrastructure AWS, Linode or
| DigitalOcean provide in order to fly under the radar among
| legitimate traffic. If all of these service providers were to
| blacklist NSO, Candiru or Cellebrite those would have to fall
| back to more exotic providers and would therefore be easier
| to uncover.
| gcthomas wrote:
| Not convinced that using the service to distribute malware, on
| behalf of odious third party governments for antidemocratic
| purposes, is protected by free speech demands. It's not speech,
| is it?
| goodpoint wrote:
| > It's not speech, is it?
|
| That's besides the point. And BTW yes, distributing data can
| constitute speech.
|
| Free speech has nothing to do with providing services to
| antidemocratic entities.
| asah wrote:
| You gotta draw the line somewhere - this is way over that line.
| geofft wrote:
| Isn't the line due process of law, though? If NSO is
| allegedly committing a crime, then we can punish them in
| courts of law that are empowered and qualified to investigate
| the allegations fully and decide whether to deprive them of
| their rights. Why would we put these decisions in the hands
| of Big Tech?
|
| At least, that's what I heard during the debates about
| deplatforming Parler. It was apparently very bad for private
| companies to decide that a customer was engaging in
| distasteful but legal actions. What is the principled
| argument that it was not okay for AWS to take down Parler but
| it's okay for AWS to take down NSO?
| rad_gruchalski wrote:
| AWS ain't a law agency. They just decided to boot this
| organization out of their infra. Fair enough. AWS simply
| decided they don't want to benefit financially from this
| organization's operations.
| JumpCrisscross wrote:
| > _Isn 't the line due process of law, though?_
|
| For state actions, yes. For private actors, if I suspect
| someone is using my services to break the law or engage in
| terrorism, "but your honor, I didn't have a court order
| _confirming_ they were terrorists " won't cut my liability.
|
| Parler was a free speech question because it was almost
| purely speech. NSO Group isn't just speaking. It's doing,
| and it's doing things that will bring liability for people
| around it.
| Dah00n wrote:
| So then the question becomes Did Amazon let police gather
| evidence before touching anything?
| JumpCrisscross wrote:
| > _So then the question becomes Did Amazon let police
| gather evidence before touching anything?_
|
| Why does that become the question? If I fire a customer,
| must I ask the police for permission first?
|
| America isn't a police state. And we don't have general
| data retention laws. The First Amendment contains both
| the freedom of speech and freedom of assembly; there is a
| balance between Parler's freedom to spew rubbish and
| Amazon's freedom to not assemble with them. With NSO
| Group, the free speech question is sharply constrained;
| Amazon's rights are thus stronger.
| jonplackett wrote:
| no
| duxup wrote:
| If you're preventing someone from using your service who is
| used by people to prevent free speech.... what's the rule?
| bagacrap wrote:
| delivering malware seems like it runs afoul of the computer
| fraud and abuse act
| geofft wrote:
| Sure, and it "seems like" the extremist propaganda that Big
| Tech shut down was violating all sorts of other laws like
| incitement.
|
| Is "seems like" enough of a reason now for private companies
| to choose not to contract with other private companies? Or
| should we go to a judge and jury in both cases?
| xoa wrote:
| > _Sure, and it "seems like" the extremist propaganda that
| Big Tech shut down was violating all sorts of other laws
| like incitement._
|
| Most of it actually wasn't FWIW, hateful extremist content
| is generally perfectly legal free speech. "Incitement" gets
| used way, way too often on the internet, almost nothing
| that gets posted online is legal incitement. But neither
| "Big Tech" (such a dumb term) nor Hacker News nor a random
| forum on birds needs any violation of law or anything else
| to moderate what gets posted on their sites. It doesn't
| have to be "negative" or whatever at all even. There is
| nothing illegal or objectionable about someone who likes
| discussing trains for example. But if you post lots just
| about trains on a birder forum they may delete all your
| posts and ask you to stop because they want to focus on
| birds, and if you continue to do so they can delete
| everything and ban you. Why would there be anything wrong
| with that?
|
| Private society looking at extremist content and saying
| "we're not going to shoot you over it but we do strongly
| object and we're going to socially ostracize you and deny
| you business and our support in any way we can" is free
| speech working as intended.
|
| > _Is "seems like" enough of a reason now for private
| companies to choose not to contract with other private
| companies?_
|
| Uh, yeah? People can refuse to do business with each other
| for _nearly_ any reason at all, and definitely for anything
| other people merely say or do (at least, within the bounds
| defined by any existing contracts, but Amazon has covered
| its bases pretty well there to put it mildly).
| geofft wrote:
| To be clear, I'm personally all in favor of Amazon
| choosing who they want or don't want to contract to. But
| the comment I was replying to was saying it's only okay
| (as in, good for society, I guess) for Amazon to kick off
| NSO because Amazon thought they were violating the law. I
| agree most extremist content is legal free speech, but
| not all of it is, which should be enough reason, by that
| rule, to kick off extremist content.
|
| I'm simply agreeing with the comment at the top of the
| thread - all the outcry we usually hear about private
| companies being too powerful should apply here too. (My
| opinion is there should be no outcry about either.)
| Spooky23 wrote:
| Thank you... you made the point better than I.
| ThrowawayR2 wrote:
| > " _Private society looking at extremist content and
| saying "we're not going to shoot you over it but we do
| strongly object and we're going to socially ostracize you
| and deny you business and our support in any way we can"
| is free speech working as intended._"
|
| Given that such logic was once used to attempt to deny
| service to and harass PoCs, religious, LGBTQ and other
| formerly "undesirable" classes, society clearly doesn't
| buy that logic and made them into protected classes and
| required businesses to serve them on an equal footing.
| It's not a valid argument unless you're arguing to roll
| back protected classes too, which I hope you're not.
|
| (Note that I'm not defending NSO or Amazon here. I concur
| with others that NSO isn't engaging in speech, so while
| there may be a contract law issue between them and
| Amazon, there is no freedom of speech issue here.)
| xoa wrote:
| > _Given that such logic was once used to attempt to deny
| service to and harass PoCs, religious, LGBTQ and other
| formerly "undesirable" classes, society clearly doesn't
| buy that logic and made them into protected classes and
| required businesses to serve them on an equal footing._
|
| No, that was not the logic, businesses were not
| discriminating based purely on speech and choices of
| content. That's the point. I mentioned Protected Classes,
| but those are about entire _classes_ of people and things
| that are innate to their personhood. Skin color and sex
| /gender being obvious ones, but disabilities either at
| birth or acquired later in life still are innate aspects.
| We've decided that public businesses as part of the
| privileges they have may not discriminate and rightly so.
|
| But none of that has anything to do with actions and
| expression, and indeed a core part of the point is that
| all protected classes are in no way "inferior" or less
| capable of reason, argumentation, responsibility, social
| activities and so on! No one is born with some political
| alignment, as humans we all have to develop that
| ourselves.
|
| >* It's not a valid argument unless you're arguing to
| roll back protected classes too*
|
| No, because the worldview you've come to about given
| issues, morals and so on have nothing to do with
| protected classes.
| ThrowawayR2 wrote:
| > " _innate to their personhood_ "
|
| Religion is not innate, nationality is not innate (cf.
| the discriminatory "Help Wanted. No Irish Need Apply"
| signs of the 19th century), and while sexual preference
| may be innate, expression of it can be consciously
| restrained as demonstrated by all those people who
| suffered from being "being in the closet". Does not being
| innate mean these protected classes should not exist?
| Clearly not, so appealing to innateness does not rescue
| your argument.
| Spooky23 wrote:
| > Most of it actually wasn't FWIW, hateful extremist
| content is generally perfectly legal free speech.
| "Incitement" gets used way, way too often on the
| internet, almost nothing that gets posted online is legal
| incitement. But neither "Big Tech" (such a dumb term) nor
| Hacker News nor a random forum on birds needs any
| violation of law or anything else to moderate what gets
| posted on their sites. It doesn't have to be "negative"
| or whatever at all even. There is nothing illegal or
| objectionable about someone who likes discussing trains
| for example. But if you post lots just about trains on a
| birder forum they may delete all your posts and ask you
| to stop because they want to focus on birds, and if you
| continue to do so they can delete everything and ban you.
| Why would there be anything wrong with that?
|
| I don't think anything is wrong with that.
|
| What I don't understand is why AWS is justified to shut
| them down; but Google or Facebook is not justified in
| preventing their platforms from being propaganda
| distribution channels?
|
| Specifically here on HN, people were outraged about
| Google's actions, but at the time I posted my original
| comment, nobody seemed to be upset about AWS's actions
| against NSO, at all.
| xoa wrote:
| > _Shouldn't there be an outcry against the suppression of free
| speech?_
|
| Only if someone was one of the many people who don't understand
| what Free Speech is or incorrectly think of rights only in
| terms of themselves and people they like, not for those who
| they don't. In this case, Amazon is exercising their _own_ Free
| Speech rights. Free speech necessarily (and as a matter of law)
| means the freedom to _not_ speak and to _not_ associate with
| other people. If I want to lend my support to a specific
| candidate with a sign in my field, I necessarily must have the
| right to refuse signs by everyone else. If the government puts
| a gun to my head and forces me to let every single candidate
| put a sign in my field, then the effect is no special
| endorsement for anyone and a flagrant violation of my free
| speech rights.
|
| Someone denying another person the use of their own private
| property because of disapproval over their behavior doesn't
| generally mean any free speech issues, quite the contrary. As
| always there are certainly very rare edge cases, but none of
| them apply to a situation like this. Amazon refusing business
| to someone due to their race or gender or the like would be a
| problem, but "spies working with authoritarians" is not a
| Protected Class.
|
| > _What jurisdiction's laws were broken by this company?_
|
| Why would that matter? Amazon isn't the government. They aren't
| threatening with force/arresting/jailing/killing the NSO Group,
| just refusing to continue their business relationship. So they
| aren't restricted to caring about only illegal behavior. In
| fact a core part of the whole point of free speech is to move
| consequences into the realms of social and economic, rather
| then force, _not_ to eliminate all consequences entirely. There
| are a few limited legal instances they can 't discriminate
| over. Otherwise they can deal with whomever the hell they want.
| Spooky23 wrote:
| I don't understand the line where lots of people are
| seemingly outraged about people using online platforms to
| disseminate propaganda and extremist materials. (ie. most
| recently Google Drive)
|
| NSO group seems to be a not-so-nice company. But why does
| what they do justify blackballing, while similar companies
| (say BlueCoat or any of a dozen companies that provide
| solutions to hack on behalf of the police) are ok?
| xoa wrote:
| > _I don 't understand the line where lots of people_
|
| You're going to have to be more specific than a handwave-y
| "lots of people" to have good online discussions. You also
| need to be specific in your terminology. You need to
| actually address the _specific_ people and their arguments,
| or else do a much better job of phrasing an inquiry into
| theoretical tradeoffs. Ie., from your other reply:
|
| > _What I don 't understand is why AWS is justified to shut
| them down; but Google or Facebook is not justified in
| preventing their platforms from being propaganda
| distribution channels?_
|
| So I do in fact think Google and Facebook at 100%
| "justified" to shut them down, and I think Amazon is too. I
| _do_ have lines where I think morally, if not legally, a
| service can start to drift into quasi-governmental (or
| perhaps should be that way) territory. An example for me
| would be core physical infrastructure companies, not just
| at Tier 3 but also at Tiers 2 and 1. I think those should
| operate as common carriers. But I don 't think social media
| fits. Not using it at all (as I don't) may have "costs" in
| terms of social opportunities but alternatives are trivial.
|
| So for me there isn't any dissonance here, I generally
| support "Big Tech" (and everyone down the ladder)
| associating as they see fit when it comes to ongoing online
| service relationships within existing jurisprudence. The
| initial legal tweaks I'd like would be aimed at things like
| expanding user power in a purely additive way (like giving
| people the _option_ to access root hardware /software key
| stores), or internalizing costs some companies are shifting
| onto the public, rather then beating down what some people
| don't like.
|
| Hacker News (and every other forum) aren't hive mind and
| it's silly and tiresome to have them treated that way. What
| you did in your first post here was essentially throw up a
| big silly strawman.
| said wrote:
| I believe your confusion is insincere.
|
| There's a difference between someone being banned for
| stating the fact:
|
| > Jewish people have dramatically disproportionate income,
| wealth, and power in the United States. They're eager to
| levy that charge against White people, but they don't allow
| White people to levy that charge against them.
|
| ... and a deeply powerful, monied Israeli group getting
| banned for hacking into innocent people's phones and
| computers both for blackmail and for profit.
| Quanttek wrote:
| This is not even a free _speech_ problem in the first place.
| We are talking about actions. To draw up an analogy: If I own
| a gun store and I sell you a rifle and ammunition because you
| want to hunt deer and I learn that you started shooting at
| journalists instead, I can decide to stop selling (an _act_ )
| you further goods because of your _actions_.
|
| As pointed out elsewhere, this is a business relationship.
|
| In any case, the grave human rights violations that are the
| result of the use of Pegasus - including loss of life and
| liberty - weigh much more than an abstract notion of a
| corporation's freedom to act and impose their will on other
| corporations.
| ThrowawayR2 wrote:
| > " _In this case, Amazon is exercising their own Free Speech
| rights._ "
|
| Corporations aren't humans; they don't have free speech
| rights.
| nova22033 wrote:
| they absolutely do have free speech rights in the United
| States. Also, if NSO was hosting malware on AWS resources,
| it's almost certainly against their terms of service..
| xoa wrote:
| > _Corporations aren 't humans; they don't have free speech
| rights._
|
| As a matter of law in the United States you are objectively
| wrong. This has been settled in a series of SCOTUS
| decisions starting with Buckley v. Valeo (1976).
| Corporations are legal persons, and further the individual
| humans that make them up do not somehow lose the free
| speech rights just because they decide to take collective
| action.
|
| And in turn: as a matter of morality, common sense and the
| point of free speech you're also wrong. It's important that
| people be able to speak to power, and a core part of that
| for humanity is socializing, being able to form groups to
| support each other and pool ideas, skills and resources to
| have a greater effect than what any individual alone could
| accomplish. Seriously, you say "corporations don't have
| free speech rights"? Exactly what form of combined effort
| do you imagine most, say, _NEWSPAPERS_ are organized under?
| So what, you think individuals should be able to
| investigate something all by themselves, but the government
| should be free to put the boot down on newspapers because
| they 're corporations? You think _that_ jives with _free
| speech_?
|
| Oh maybe you only meant "the bad ones". That makes it very
| easy, but no reason to limit it to corps in this case, just
| stop "the bad humans" too and everything is great. Nothing
| could possibly go wrong with that plan, since everyone
| agrees who "the bad ones" are.....
| ThrowawayR2 wrote:
| > " _As a matter of law in the United States you are
| objectively wrong._ "
|
| You are quite correct, of course. I meant to write
| "shouldn't" instead of "don't".
|
| > " _So what, you think individuals should be able to
| investigate something all by themselves, but the
| government should be free to put the boot down on
| newspapers because they 're corporations?_"
|
| I'll point out that there's an entirely separate and
| intentional carve-out for freedom of the press that is
| distinct from freedom of speech, so that's not a good
| justification for corporations to get freedom of speech
| as a right directly.
| xoa wrote:
| :\
|
| > _I 'll point out that there's an entirely separate and
| intentional carve-out for freedom of the press that is
| distinct from freedom of speech_
|
| Not really as a matter of law we're talking about here.
| "The press" isn't some special legal entity, there's no
| licensing for it or anything. Absolutely critical press
| victories like _NYT v. Sullivan_ were based on freedom of
| speech protections.
|
| But whatever, so you don't want Mozilla Corporation to be
| able to advocate for Firefox if the government doesn't
| want it to because Google managed to lobby successfully?
| No company can come out in favor gay rights or Pride Day
| if the government doesn't want them to? You're fine with
| with the government being able to punish companies for
| arguing against encryption backdoors? And what about the
| individuals at those companies, if the CEO speaks about
| those things is that the company speaking and punishable
| or is it ok if he says "this is my opinion" first every
| time? What about employees?
|
| Like, we can go through a million examples here if you
| want but I don't think it's _that_ hard to see how maybe
| government might abuse that _just a little bit_.
| perl4ever wrote:
| >"The press" isn't some special legal entity, there's no
| licensing for it or anything
|
| This is one of those things that's plausible and common
| enough to read on the internet that it makes me worry
| about alternate universes intersecting.
|
| If you type "credentialed members of the media" into
| Google, do you see any results, or is it just me?
|
| Another key phrase I find is "reporter's privilege"
| relating to state laws to shield the press, which, as you
| might imagine, requires defining what a reporter is.
|
| "Some privilege schemes are narrow and apply only to
| full-time employees of professional news outlets, while
| others are broad and extend to bloggers, filmmakers,
| freelancers, book authors, and student journalists. In
| other words, some are inclusive and others are
| exclusive."
|
| https://www.cjr.org/united_states_project/journalists_pri
| vil...
| hesk wrote:
| > It's important that people be able to speak to power,
| and a core part of that for humanity is socializing,
| being able to form groups to support each other and pool
| ideas, skills and resources to have a greater effect than
| what any individual alone could accomplish. Seriously,
| you say "corporations don't have free speech rights"?
|
| The people in many corporations in fact lose their free
| speech rights and have to follow the company line.
| Granted, they agreed to that in their employment contract
| but this is in many cases a coercive relationship.
|
| > Exactly what form of combined effort do you imagine
| most, say, NEWSPAPERS are organized under? So what, you
| think individuals should be able to investigate something
| all by themselves, but the government should be free to
| put the boot down on newspapers because they're
| corporations?
|
| Well, the individual reporters could still be free to
| exercise their free speech rights without conferring any
| right on the newspaper itself.
| NmAmDa wrote:
| In this discussion context. NSO is a company which does not
| have a freedom of speech right. It has a business
| relationship with Amazon.
| bluetwo wrote:
| Wonder if NSO was involved in that leak of Bezo's phone data
| awhile back.
| kaonwarb wrote:
| From Amazon Unbound, p.344:
|
| > De Becker then commissioned an examination of Bezos's iPhone
| X. The eventual report by Anthony Ferrante, a longtime
| colleague of de Becker's and the former director for cyber
| incident response for the U.S. National Security Council,
| concluded that the promotional video about broadband prices
| that MBS had sent Bezos the previous year likely contained a
| copy of Pegasus, a piece of nearly invisible malware created by
| an Israeli company called NSO Group. Once the program was
| activated, Ferrante found, the volume of data leaving Bezos's
| smartphone increased by about 3,000 percent.
| whymauri wrote:
| Jesus Christ, this software really is a weapon.
| cronix wrote:
| > The eventual report by Anthony Ferrante, a longtime
| colleague of de Becker's and the former director for cyber
| incident response for the U.S. National Security Council,
| concluded that the promotional video about broadband prices
| that MBS had sent Bezos the previous year likely contained a
| copy of Pegasus, a piece of nearly invisible malware created
| by an Israeli company called NSO Group.
|
| Key word in that sentence: "likely." AFAIK, nothing has been
| proven beyond rumor and conjecture, which isn't proof of
| anything at all.
|
| Did they find the Pegasus or related code on the phone, or
| not? That is a yes or no answer. Likely?
| sva_ wrote:
| I thought about the same. Perhaps an "order from the top."
| tnolet wrote:
| I was thinking exactly the same thing. Given what we know about
| this hack -- a Whatsapp or iMessage essentially taking over his
| whole phone -- this seems plausible.
| tptacek wrote:
| Wasn't there recently a whole huge story about how it turned
| out to be his girlfriend's brother?
| largbae wrote:
| I'd like a link if so, I have been interested in why that
| story isn't more important, given the attention other state-
| sponsored hacks have received...
| polar wrote:
| https://www.bloomberg.com/news/features/2021-05-05/how-
| jeff-...
| Leparamour wrote:
| It's not a contradiction. Whoever would have ordered NSO or
| similar actor to hack Bezos' phone is probably after more
| juicy info than a dick pic or at least wouldn't leak it for
| 'lulz' and thereby revealing that the phone is compromised
| somehow.
| tptacek wrote:
| I don't know if it's a contradiction, but my understanding
| is that the stuff that actually leaked, we have a good
| handle on where it came from.
| javajosh wrote:
| Isn't NSO just a poor-man's NSA, since the NSA can force
| Google/Apple/Microsoft/Amazon/[Any Carrier] to do _anything_ to
| any number of devices or data, and in secret?
| esens wrote:
| NSO seems to be used by tyrants to go after legitimate
| opposition. The NSA isn't used by the President to target the
| party out of power no? But in NSO case in India apparently it
| was: https://www.theguardian.com/news/2021/jul/19/key-modi-
| rival-...
|
| NSO is used to keep those with money and access to NSO in power
| undermine their legitimate rivals. It can be used to plant
| evidence on their devices as well as monitor everything they
| do.
| Dah00n wrote:
| To clarify, are you arguing that NSO Group have had a bigger
| impact on innocent people, suppression of speech, etc. than
| the NSA?
|
| If so, I'm not sure I buy what you seem to be arguing, that
| "NSO case in India" and "It can be used to plant evidence"
| makes it anywhere near as bad as what the NSA has done/does.
| In my opinion this is exactly how a "poor-man's NSA" would
| look: What your money can buy from greedy corporations
| protected by nasty governments.
|
| >legitimate opposition
|
| Who decides what is legitimate though? It sounds like weasel
| words to me, just like "terrorists" (that get defined by
| those in power and then maybe later becomes revolutionists
| and heroes if they actually win). Going after Snowden,
| torture in Guantanamo, and using three letter agencies for
| industrial espionage is also "legitimate".
| manquer wrote:
| The people decide what is legitimate opposition by
| elections.
|
| NSO was used to tap the democratically elected leader of
| opposition in India. Doesn't get any clearer than that. [1]
|
| I don't know how to compare between hot pan and the fire on
| who is worse
|
| [1] with Watergate and more recent (unproven) accusations
| on wiretapping of politicians, the US is no stranger do
| this type of monitoring either
| Spooky23 wrote:
| > arguing that NSO Group have had a bigger impact on
| innocent people, suppression of speech, etc. than the NSA?
|
| I'm not the OP, but maybe a way to put it is that impacts
| are more variable or chaotic?
|
| Generally speaking, the "impact" of a US government entity
| is reasonably predictable based on US policy and interests.
| Something like NSO, where tools are sold on the market to
| many entities are probably less predictable and thus more
| impactful. I'd expect a lower level of operational
| discipline from <random mideast state> than from the US
| military.
|
| The other factor is who are NSO Group's masters, and what
| do they know? If <random mideast state 1> compromises
| <random mideast state 2>, does <third party> get intel?
| [deleted]
| hammock wrote:
| >The NSA isn't used by the President to target the party out
| of power no?
|
| No, definitely not.
| kdkdmdm wrote:
| > The NSA isn't used by the President to target the party out
| of power no
|
| Close, but you've got the wrong organization. It was the FBI
| that used evidence it knew was false from the start to
| justify a spying campaign into the opposition candidate and
| then used the candidate's campaign's resistance of that
| illegal election interference to justify political
| interference and, ultimately, an indictment.
|
| That's right, the Obama DOJ illegally harassed the Trump
| campaign and then the out of control FBI and House Democrats
| (led by the former FBI director, Mueller) followed through
| with the farce of an impeachment, aided and abetted by
| misleading coverage of the proceedings, which resulted in
| only an indictment for resisting the illegal investigation
| and election interference
|
| And now the same people assure us that the 2020 election was
| the fairest and most secure ever. Real confidence inspiring!
| Personally I never had any doubt in the security of the US
| elections until the same machine that insisted the Russian
| collusion was real (it definitely wasn't), and that the lab
| leak theory was never plausible (it's not definitely true but
| it's definitely plausible and always has been), insisted that
| there was no way they could've been fraudulent.
|
| Thou dost protest too much, methinks.
| igorzx31 wrote:
| ^This person is wrong. FISA and FBI counter-intel have a
| low bar to get warrants because that's what congress
| intended.
| freeflight wrote:
| Indeed, the FISA court only exists to rubber-stamp
| warrants.
|
| In 33 years the FISA court granted 33,942 warrants, in
| that same time only 12 were denied, a rejection rate of
| 0.03% [0]
|
| [0] https://en.wikipedia.org/wiki/United_States_Foreign_I
| ntellig...
| perl4ever wrote:
| The rejection rate, in a vacuum, isn't evidence that they
| are rubber stamping warrants.
|
| From a logical perspective, it could mean that those
| submitting requests are able to avoid sending weak ones
| and choose to do so.
|
| I'm not saying I believe you/the standard view is wrong,
| but there must be some other evidence.
| cguess wrote:
| What sorta qanon crap is this?
| 0xbadcafebee wrote:
| Intelligence agencies don't force people to do things, their
| operations are covert. It's the DoD/FBI that will force things
| and issue gag orders. Think of the intelligence agencies as
| Ninja, and the FBI/law enforcement as Samurai.
___________________________________________________________________
(page generated 2021-07-19 23:01 UTC)