[HN Gopher] Meduza co-founder's phone infected with Pegasus
___________________________________________________________________
Meduza co-founder's phone infected with Pegasus
Author : Klaster_1
Score : 283 points
Date : 2023-09-13 13:39 UTC (9 hours ago)
(HTM) web link (meduza.io)
| levleontiev wrote:
| Also interesting that a new "bad guy" from the Caucasus might be
| the actual attacker.
| 1B05H1N wrote:
| How many people died over these 0-days?
| driverdan wrote:
| We won't know until NSO is forced to open their books, which is
| unlikely to ever happen given their ties to the Israeli
| government.
| ramraj07 wrote:
| What are the odds that NSO has like 20 other zero-days in their
| arsenal each set ready to deploy the day the current
| vulnerabilities are discovered and patched? Does Apple know or
| have a clue how bad this problem could be?
|
| Surely whatever money these guys spend buying these zero-days,
| Apple is rich enough to increase their bounties large enough to
| attract them to right side instead?
|
| It's not clear in the article if the author had to take any
| action to get this program installed. If that's not required,
| what should anyone who even vaguely suspects state sponsored
| spying do? Sounds like it's safer to just not use a phone or try
| and circle through a series of them you buy second hand or
| something.
| insanitybit wrote:
| > What are the odds that NSO has like 20 other zero-days in
| their arsenal each set ready to deploy the day the current
| vulnerabilities are discovered and patched?
|
| I feel it's the safe money, certainly. One exploit dev in a
| given year can churn out multiple weaponized 0 days, surely
| they have more than one dev working on such things, so you're
| talking about a stockpile of likely dozens of vulns. Some might
| collide with public vulns so they lose a few, but you knock one
| down and I have to assume they have others staged.
|
| > Apple is rich enough to increase their bounties large enough
| to attract them to right side instead?
|
| That's a good question. I think at NSO's price point the answer
| is probably "no", but I don't know. At best Apple could be
| competitive, but bug bounty work is far riskier - you might
| spend a long time without getting a payout, either due to some
| bad luck, collisions with already reported vulns, or a vendor
| just being a dick (pretty sure Apple have been dicks).
|
| > what should anyone who even vaguely suspects state sponsored
| spying do?
|
| Probably have more than one phone, for starters. Use
| authenticated protocols, not SMS/MMS. It's insane that anyone
| can just send data to your phone unprompted. I'd probably
| disable cell service altogether unless I'm actively making an
| outbound call to a known contact.
| wayfinder wrote:
| The only way Apple could make them report the vulnerability
| is if the bounty was not far from the amount of profit that
| NSO is making with their software.
| devmor wrote:
| The comment is not suggesting that Apple make the
| vulnerability attractive to report for the NSO as an
| organization, but presumably attractive to report for
| whatever hackers the NSO may purchase vulnerabilities from
| - or individuals employed by the NSO.
|
| In such a case, Apple "only" needs to make the bounty high
| enough to significantly exceed the sale price of the vuln,
| or the salary of aforementioned employees.
| andersa wrote:
| Why is it on Apple to defend everyone against hackers
| sponsored by another country to begin with? The governments
| should be providing any resources necessary to defend here...
| Veserv wrote:
| Because that is what they advertised they would do [1].
|
| "Apple makes the most secure mobile devices on the market.
| Lockdown Mode is a groundbreaking capability that reflects
| our unwavering commitment to protecting users from even the
| rarest, most sophisticated attacks," said Ivan Krstic,
| Apple's head of Security Engineering and Architecture.
|
| I mean, we know nobody on their team actually believes
| Lockdown mode can protect against state funded actors with
| even a tiny $10M budget since their Lockdown mode total
| bypass bug bounty is only $2M.
|
| But they did say it in their marketing, so they should be
| held to it even if we know for a fact that they are totally
| incapable of doing so. This is not a question of money, it
| is a question of ability, and we know they do not have
| that.
|
| [1] https://www.apple.com/newsroom/2022/07/apple-expands-commitm...
| saiya-jin wrote:
| Wait, the reward for completely bypassing most hardcore
| security measures in their most important device for the
| most valuable company in the world worth over 3 trillion
| is mere 2 millions?
|
| That's not an honest proposition by its very definition,
| just look at the asymmetry of those numbers. _Serious_
| offer would add at least 2 zeroes to that.
| Veserv wrote:
| It is actually reasonably fair, it only costs around 1-2M
| $ to find one. You expect Apple to pay 100M $ for 1M $ of
| work?
|
| The real question is why is Apple allowed to lie about
| providing meaningful protection against state actors when
| they only think it only costs 2M $ to break it. In no
| universe is 1/5 the cost of a tank even a road bump for a
| state actor.
|
| The other question is why is their security so terrible.
| The short answer is that they demonstrably know nothing
| about security since this is the most they have been able
| to do after decades of work, billions of dollars, and
| repeated promises of meaningful security. When somebody
| spends billions of dollars and decades failing to achieve
| even 1/10th of what they promised, you should take any
| new statements as extraordinary claims and demand
| extraordinary evidence.
| zozbot234 wrote:
| > The real question is why is Apple allowed to lie about
| providing meaningful protection against state actors
|
| It's not like anyone has been doing any better. Mobile
| phones are embedded devices targeted to everyday
| consumers, basically toys. They've never been engineered
| for anything like meaningful security against even mildly
| sophisticated attacks. The industry simply doesn't care
| about this, e.g. most phone SoC's are still not protected
| against misbehavior by any of the included devices, each
| of which is running some unknown proprietary firmware.
| That's just par for the course in the embedded ecosystem.
| Veserv wrote:
| Why does the quality of any other product matter here?
|
| Apple marketing claims it provides meaningful protection
| against state actors. Apple engineering says it does not.
| Even if nobody can do it, even if Apple is closer than
| anybody else, that does not excuse lying to people who
| are betting their lives on Apple's representations that
| it works.
|
| Apple can not protect against state actors. Apple knows
| that. If you are at risk, the only safe thing to do is
| avoid Apple (and all other smartphones). Apple knows
| that. They lie and insinuate that an iPhone is fit for
| this task so they can sell a few more iPhones caring not
| a single bit for the lives at risk. That is grossly
| unethical. Yet, it is par for the course in
| "cybersecurity". That does not make it acceptable, that
| just means everything is rotten.
| zozbot234 wrote:
| > Apple makes the most secure mobile devices on the
| market.
|
| Well, they're not _wrong_ on that one point. As it turns
| out, "most secure" is a pretty low bar. We'll see how
| Purism's Freedom Phone fares once it reaches genuine
| daily-driver status and it too becomes a target for this
| class of attacks.
| charcircuit wrote:
| PureOS is decades behind in security compared to Android
| or iOS.
| anthk wrote:
| PureOS with Flatpak, Wayland and such make it close.
| akyuu wrote:
| Not really. Even with modern technologies, the Linux
| desktop technology stack is very, very far behind when it
| comes to security.
|
| The Linux kernel itself is a very weak foundation
| security-wise, the only way Android and ChromeOS get away
| with it is by using a very small feature set and
| restricting everything else as much as possible with
| seccomp, SELinux and heavy sandboxing.
|
| The Linux desktop userland doesn't have meaningful
| hardening features compared to other platforms (even
| Windows is ahead, sadly). For example, practically all
| distros use glibc's memory allocator which has both poor
| performance and security [1] and their toolchain is based
| on gcc, with no support for modern compiler security
| features such as CFI (with the sole exception of Chimera
| Linux). Not to mention the permission model is completely
| outdated, like in that xkcd cartoon. Flatpak only
| mitigates this partially, because the Flatpak sandbox is
| very weak. The people working on Flatpak are doing their
| best, but from reading some GitHub issues, it's clear
| they are badly overworked and not security experts. The
| person responsible for Flatpak's seccomp sandbox has said
| it isn't even his main responsibility and he doesn't have
| much knowledge about seccomp and is learning along the
| way [2]. The Flatpak seccomp filter is based on a
| denylist rather than an allowlist, and many dangerous
| syscalls can't be blocked because applications rely on
| them (e.g. Firefox needs ptrace for the crash reporter).
| You also have to be very careful and use Flatseal (which
| is not officially supported) to deny permissions such as
| /home filesystem access, because it lets Flatpak apps
| override their own permissions by design [3]. And
| dangerous kernel components like io_uring are exposed
| [4], while Google disables them on their systems because
| of their exploitation potential.
|
| Here is a more detailed article examining the lack of
| security of Linux phones in case you're interested:
| https://madaidans-insecurities.github.io/linux-phones.html
|
| If you want a FOSS-based secure phone, GrapheneOS is the
| best option.
|
| [1] Check this comment by GrapheneOS founder for some
| technical details and how it compares to hardened
| allocators such as Android's Scudo or Graphene's
| hardened_malloc:
| https://github.com/NixOS/nixpkgs/issues/90147#issuecomment-6...
|
| [2] https://github.com/flatpak/flatpak/issues/4466#issuecomment-...
|
| [3] https://github.com/flatpak/flatpak/issues/3637
|
| [4] https://github.com/flatpak/flatpak/issues/5447
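Added example (not part of akyuu's comment and not Flatpak's own filter): a C program that builds a denylist and an allowlist seccomp-BPF filter with the kernel's own macros and evaluates both against the same syscalls, showing why a syscall added after the denylist was written, such as io_uring_setup, passes one and not the other. The two syscall lists are constructed for illustration, the filters are interpreted in user space rather than installed, and the architecture check a production filter needs is omitted.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#ifndef SYS_io_uring_setup
#define SYS_io_uring_setup 425 /* same number on every Linux architecture */
#endif

#define NR_OFF ((uint32_t)offsetof(struct seccomp_data, nr))
#define DENY (SECCOMP_RET_ERRNO | EPERM) /* fail the call with EPERM */
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed policies, for illustration only. */
static const long DENYLIST[] = { SYS_mount, SYS_umount2, SYS_pivot_root };
static const long ALLOWLIST[] = { SYS_read, SYS_write, SYS_close, SYS_exit_group };

/* Emit: load syscall nr; for each listed nr, "if equal return on_match";
 * finally return fallthrough for everything that matched nothing. */
static size_t build_filter(struct sock_filter *out, const long *list, size_t n,
                           uint32_t on_match, uint32_t fallthrough)
{
    size_t k = 0;
    out[k++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, NR_OFF);
    for (size_t i = 0; i < n; i++) {
        out[k++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K,
                                                (uint32_t)list[i], 0, 1);
        out[k++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, on_match);
    }
    out[k++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, fallthrough);
    return k;
}

/* User-space interpreter for the three classic-BPF opcodes used above. */
static uint32_t run_filter(const struct sock_filter *f, size_t len, long nr)
{
    struct seccomp_data d = { .nr = (int)nr };
    uint32_t acc = 0;
    for (size_t pc = 0; pc < len; pc++) {
        const struct sock_filter *insn = &f[pc];
        switch (insn->code) {
        case BPF_LD | BPF_W | BPF_ABS:
            acc = (insn->k == NR_OFF) ? (uint32_t)d.nr : 0;
            break;
        case BPF_JMP | BPF_JEQ | BPF_K: /* offsets are relative to pc + 1 */
            pc += (acc == insn->k) ? insn->jt : insn->jf;
            break;
        case BPF_RET | BPF_K:
            return insn->k;
        }
    }
    return SECCOMP_RET_KILL; /* malformed program: fail closed */
}

/* Denylist: listed syscalls fail, everything else is allowed. */
uint32_t denylist_verdict(long nr)
{
    struct sock_filter prog[2 * COUNT(DENYLIST) + 2];
    size_t len = build_filter(prog, DENYLIST, COUNT(DENYLIST),
                              DENY, SECCOMP_RET_ALLOW);
    return run_filter(prog, len, nr);
}

/* Allowlist: listed syscalls are allowed, everything else fails. */
uint32_t allowlist_verdict(long nr)
{
    struct sock_filter prog[2 * COUNT(ALLOWLIST) + 2];
    size_t len = build_filter(prog, ALLOWLIST, COUNT(ALLOWLIST),
                              SECCOMP_RET_ALLOW, DENY);
    return run_filter(prog, len, nr);
}

static const char *name(uint32_t verdict)
{
    return verdict == SECCOMP_RET_ALLOW ? "ALLOW" : "EPERM";
}

int main(void)
{
    const struct { const char *label; long nr; } probes[] = {
        { "read", SYS_read },
        { "mount", SYS_mount },
        { "ptrace", SYS_ptrace },
        { "io_uring_setup", SYS_io_uring_setup },
    };
    printf("%-16s %-9s %s\n", "syscall", "denylist", "allowlist");
    for (size_t i = 0; i < COUNT(probes); i++)
        printf("%-16s %-9s %s\n", probes[i].label,
               name(denylist_verdict(probes[i].nr)),
               name(allowlist_verdict(probes[i].nr)));
    return 0;
}
```
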
| kube-system wrote:
| Being open source doesn't mean immune to vulnerabilities.
| (and Purism's stuff will likely never be 100% open source
| due to regulatory complications with basebands)
|
| Niche software often fares very poorly in terms of
| security because few people are trying to exploit it.
| insanitybit wrote:
| Apple is welcome to seek aid from the US Government, I
| imagine they would be happy to assist.
| Dah00n wrote:
| The US government have already "assisted" plenty. Every
| assist is a setback. IE. Snowden's revelations,
| encryption standard weaknesses, backdoored devices, etc.
| insanitybit wrote:
| Obviously not what I'm talking about.
| zozbot234 wrote:
| Because Apple makes the phones, silly. The iPhone is a 100%
| proprietary device, we know zilch about what code is
| running on it. Why should anyone be responsible besides the
| manufacturer?
|
| Maybe the government should care about the Obamaphone, but
| not anything beyond that.
| kube-system wrote:
| Close to 100% but not quite. It has some open source
| components.
| Veserv wrote:
| They probably have around 3-10 other zero-click zero days on
| hand. And if NSO somehow burns all of their in-house
| production, the vulnerability brokers I know have a couple tens
| ready for usage in their inventory for a few million dollars
| each. This is not even private knowledge; the brokers run legal
| US incorporated businesses that sell to governments,
| businesses, and the vendors who make the insecure products such
| as Microsoft and Apple. Apple knows for a fact that they are
| delivering products with tens to hundreds of known critical
| security defects.
|
| Apple does not buy out the zero-days for two reasons: First,
| you can not buy your way to security. Second, the benefits do
| not outweigh the costs.
|
| For the first point, it is impossible to buy your way to
| serious security. Apple currently pays a $1M bounty for a zero-
| click RCE with persistence [1] and $2M to do the same to
| Lockdown Mode, around the cost of a single Tomahawk cruise
| missile. They set this price because it takes around 1-3
| engineer-years to find such a security defect, so the bounty is
| approximately the cost of labor. If they paid $10M, around the
| cost of a single M1 Abrams tank, they would get an absolute
| flood of new reports since suddenly the ROI is 10x and the
| number of security defects detectable at the $10M level is
| vastly more than at the $1M level. However, to deter countries,
| you need to get to at least the $100M level, the cost of a
| single F-16. At the few million dollar level there are already
| tens to hundreds of known security defects, so at the $100M
| level there are almost certainly thousands to tens of thousands
| of vulnerabilities. So, to buy their way to protection against
| state-funded attackers would cost them trillions to tens of
| trillions of dollars, if it is even possible at all. Note that
| literally nobody has ever gotten past the few million dollar
| range using this strategy, or frankly using any strategy when
| attempting to retrofit a system not designed for security like
| iOS or Windows.
|
| For the second point, what does Apple gain by buying the zero-
| days? People keep buying iPhones no matter how many thousands
| of security defects get reported. All they have to do is make
| up new bullshit like Lockdown mode and everybody feels warm and
| fuzzy inside. The company, that has never once made a product
| within a factor of 100x of what is needed to protect against
| state-funded attackers, just makes up a marketing spiel about
| how they are "totally going to do it this time for sure, pay no
| attention to our record exclusively consisting of hundreds of
| failures" and everybody eats it up. We know they do not believe
| their own marketing fluff because they set the bounty for
| lockdown mode at $2M, only double the $1M for regular iOS,
| which is still only 1/5 of a single tank. Do you think a single
| state-funded attacker will be dissuaded by the price of a
| fractional tank? It costs more money to start a new McDonald's
| store. All the companies like Apple, Microsoft, Amazon, Google,
| Cisco, Crowdstrike, etc. need to do is lie and for some reason
| everybody keeps believing them for the thousandth time and
| their sales are protected.
|
| Commercial IT systems are completely and utterly insecure
| against attacks by moderately funded attackers. If you have
| operations worth more than $1M or are at the risk of targeted
| attacks, you are completely, 100%, vulnerable no matter what or
| how many of these systems you use. If that is not acceptable,
| then you must not use standard commercial IT systems with
| connectivity. That is, unfortunately, the only solution that
| currently works. It is up to you if you think the tradeoff is
| worth it.
|
| [1] https://security.apple.com/bounty/categories/
| ponkipo wrote:
| nice comment, thanks for the very interesting perspective!
| webel0 wrote:
| A third reason Apple doesn't increase their bounties: they
| don't need to. There is no secure phone on the market. Your
| only options are insecure phone (iOS, android, whatever) or
| no phone at all. So while it might be nice to be able to
| claim that you're relatively secure, there's very little to
| be gained by spending all of the resources required to buy up
| all exploits.
| stef25 wrote:
| > Surely whatever money these guys spend buying these zero-
| days, Apple is rich enough to increase their bounties large
| enough to attract them to right side instead?
|
| TL;DR, Apple probably doesn't care enough
|
| You're in a _very_ exclusive club if you're targeted by NSO
| (ie. very few people are victims) and most of the general
| public probably doesn't understand or care enough to get their
| pitch forks out.
|
| Personally if I was anywhere near being a possible NSO target
| I'd dump all my devices or at least have them fully airgapped,
| the only way you'll win that fight.
| Terretta wrote:
| _> TL;DR, Apple probably doesn't care enough You're in a
| very exclusive club if you're targeted by NSO (ie. very few
| people are victims) and most of the general public probably
| doesn't understand or care enough to get their pitch forks
| out._
|
| And yet:
|
| (a) Lockdown Mode cost money to develop and will cost support
| time from casuals turning it on when they shouldn't but Apple
| did it anyway, and
|
| (b) the journalists only know this happened _because Apple
| told them proactively_.
|
| Sounds like they care at least a little.
| Dah00n wrote:
| Someone also cared about programming Minesweeper in
| Windows. That doesn't mean Microsoft as a company cares even
| a minuscule amount about it. _Someone at Apple cared more
| than not at all_ is as true.
| zozbot234 wrote:
| > You're in a very exclusive club if you're targeted by NSO
| (ie. very few people are victims)
|
| That's a dangerous assumption. We only know about the victims
| who are clueful enough about OPSEC to even be _informed_
| about the issue, let alone find out about an attack.
| devmor wrote:
| >Personally if I was anywhere near being a possible NSO
| target I'd dump all my devices or at least have them fully
| airgapped, the only way you'll win that fight.
|
| You still wouldn't win that fight without applying those
| rules to everyone you come in contact with. And even then,
| the absence of such data could create a pattern enough to
| identify parts of your life if they have enough data from
| people that are not around you.
|
| Escaping surveillance from bad actors is essentially no
| longer a winnable fight. You can only do your best to
| mitigate it.
| shmatt wrote:
| This comment pretty much dissects/explains NSO in the best
| terms I've seen in HN before.
|
| "Pegasus" is not one hacking entity like most articles make it
| out to be. It's
|
| 1) A bunch of services that download data, given root access to
| a phone
|
| 2) a bank of 0-days, we don't know how deep.
|
| For all we know, there are times when "Pegasus" doesn't work
| for hours, days, weeks, until the 0-day is rotated. We do know
| from some leaks that they have a mix of non-click and click
| exploits, and also support all different kinds of phone OS.
|
| Their hacking abilities are definitely overstated, for all we
| know, for smooth continuous customer support, they could be
| buying 100% of their 0-days, and not finding any themselves. A
| 0-click 0-day for iPhones is worth about $2,000,000[1], a
| company with contracts like NSO can afford a lot of those. IMO
| the media portraying them as super-hackers is pure hype. It's a
| bunch of crooked business people who figured out how to extract
| money out of countries
|
| [1] https://arstechnica.com/information-technology/2019/01/zerod...
| sugarpile wrote:
| An extension to the link [1] above is: the price NSO pays for
| Android zero click is higher than the price they pay
| for iPhone zero click exploits. This implies they do indeed have a
| catalog of iOS exploits stashed.
| Veserv wrote:
| The link is about Zerodium, not NSO. Also, 2.5M $ vs 2M $
| is not a meaningful difference, neither presents a
| meaningful road bump to competent attackers. But your point
| that it indicates a robust stash is fair. They 100% do.
| civilitty wrote:
| It doesn't really imply anything because iPhone's global
| market share is less than 30% with customers concentrated
| in North America and China, both danger zones for NSO
| operations. Android exploits might also take far longer to
| patch across all vendors and users might take longer to
| update compared to iOS.
|
| It's fairly probable that iPhone exploits are just less
| valuable to a shady intel operation that sells mostly to
| small authoritarian regimes.
| henry2023 wrote:
| Your comment is not considering that these governments
| are more likely to target politicians and journalists
| which are more likely to use iPhone regardless of where
| they are located. I don't know if the implication that
| iPhone is less secure holds but it's likely.
| hgsgm wrote:
| It doesn't matter whether NSO are genius hackers or their
| freelancers are. They are still outsmarting Apple all day
| long.
| fatfingerd wrote:
| When significant functionality and backwards compatibility
| is required and money is limited, I'll happily work for red
| team, when brick is a valid solution, I will happily work
| for blue team.
| georgelyon wrote:
| I didn't find any mention of Lockdown Mode in the article,
| which is advertised as something a user in this position could
| use to decrease their attack surface. I find it surprising
| journalists covering high-risk stories don't just all have this
| on by default. A lot of these no-user-interaction exploits are
| via vulnerabilities in decoders for images and such that run
| when a message is received, unless the phone has Lockdown Mode
| enabled (LM also disables other types of functionality). Has
| anyone seen evidence of a phone with Lockdown Mode enabled
| being compromised (not saying it's impossible, just curious)?
| fh9302 wrote:
| So far there has not been a confirmed Pegasus infection with
| lockdown mode enabled. It's certainly possible but will
| require more sophisticated exploits, thus increasing the
| price per infection.
| HenryBemis wrote:
| I will assume that unless the cost per infection is a
| staggering number, if a "baddie" wants to "get in" they
| wouldn't be fazed by $50k or $100k. I assume that the
| value of the intel collected (contacts, eavesdropping,
| etc.) would be far more valuable as it would reveal
| whistleblowers, opposition tactics, contacts, candidates to
| fall off windows/balconies, candidates to be chopped up,
| etc.
| H8crilA wrote:
| 0-click 0-day costs more like $2M (from other comments
| and links in this thread).
| iandanforth wrote:
| NSO getting blacklisted is one of the great victories over the
| "Israel can do no wrong" mindset so common in Washington.
| phero_cnstrcts wrote:
| Is there anything that prevents Pegasus from spreading by itself
| or must it be installed via a targeted attack? And is there a way
| of scanning for it to see if a phone is infected?
| PeterisP wrote:
| There is nothing technical that prevents Pegasus from spreading
| by itself, some of the reportedly involved vulnerabilities
| could be "wormable", however, there are practical reasons that
| prevent that - for malware like Pegasus, the operator has an
| interest to avoid uncontrolled spread, since it relies on
| certain undiscovered and unpatched vulnerabilities staying
| undiscovered and unpatched, and uncontrolled spread makes it
| much more likely to be discovered, analyzed and "killing the
| goose that lays golden eggs".
|
| So at least for now we'd expect all Pegasus installations to be
| a result of targeted attacks. On the other hand, if the tool
| leaks and becomes readily available to multiple actors, then
| the incentives change and one of them might decide to make a
| worm that infects everyone in the world who's not patched.
| ChrisMarshallNY wrote:
| Also, NSO gets many shekels for each infection. They _really_
| don't want it spreading.
| m348e912 wrote:
| Since the type of exploit Pegasus has been using has been
| recently seen in the wild and Apple has had to release more
| than one security update to address this attack vector it leads
| me to believe that not just targeted individuals should enable
| "lock down mode" on their Apple devices. Although Apple doesn't
| recommend it, it could be useful if there is a major malware
| outbreak across the iPhone ecosystem.
| fullspectrumdev wrote:
| There is no self propagation code built into Pegasus.
|
| It would be relatively trivial to write such - simply have it
| send the exploit via iMessage to all of a target's contacts,
| rinse and repeat.
|
| This would be counterproductive though - the whole selling
| point of Pegasus is targeted surveillance, and such exploits
| are very costly - uncontrolled spreading would make it detected
| much faster, burning a valuable resource.
|
| If such exploits were cheap, it's plausible you could justify
| writing a variant that automatically attacks a target's entire
| address book to mine their social graph, but then you have the
| problem of analysing a shitload of probably worthless data...
| ramraj07 wrote:
| If some hacker gets a clearly infectious Pegasus link they
| should make it spread through messages to everyone. Bricking
| everyone's iPhone will probably make all the governments and
| Apple sit up and do some real damage to these actors.
| Veserv wrote:
| Many of the Pegasus attacks are zero-click, so no link is
| needed. All they need to do is send you a message and you
| are compromised.
|
| They presumably also configure their command and control to
| only persist if it is one of the designated targets and
| wipe all traces if it is not, so even forwarding the attack
| payload would probably not do anything. You would need to
| determine you have been compromised and then reverse
| engineer the exploit so you could replace the command
| payload with an irreversible bricking operation to do what
| you suggest.
|
| At that point you might as well spend the $5M-$10M to
| develop the entire attack yourself. If you are a competitor
| to Apple spending $10M to completely destroy the $2.7T
| Apple is literal pocket change; too small to even show up
| on your financials.
| astrange wrote:
| > If you are a competitor to Apple spending $10M to
| completely destroy the $2.7T Apple is literal pocket
| change; too small to even show up on your financials.
|
| You're comparing two near completely unrelated numbers
| here. That's not what enterprise value means; it doesn't
| mean much of anything really.
| kube-system wrote:
| > make all the governments and Apple sit up and do some
| real damage to these actors.
|
| International weapons dealing doesn't work that way. Point
| to any manufacturer of weapons and there's a bunch of
| people that don't like them. But the countries that benefit
| from those weapons don't agree.
| tamimio wrote:
| AFAIK, phone numbers are the entry point, it's the easiest and
| quickest way to target someone with it, else, it will be more
| involved to isolate the target, so don't activate any number on
| your phone in addition to the lockdown mode, plus the usual
| security precautions should be in theory enough to protect you,
| ultimately, don't use a "smart" phone.
| euniceee3 wrote:
| Phone numbers are not targets. Baseband is the big fear
| vector due to it being a black box, but in reality the apps
| themselves are being targeted where your phone number is the
| primary key.
| dron57 wrote:
| Seems that the NSO business model is based on ultra exclusivity
| and a very small number of business clients. Technically,
| Pegasus could probably retransmit itself to infect another
| device, but it doesn't fit their business model so I doubt NSO
| would do this regularly.
| SEJeff wrote:
| Nation states (like KSA) will likely pay very large sums of
| money to use this against their perceived enemies abroad. A
| small and exclusive clientele is how a company like this
| stays out of the limelight.
| marchukov wrote:
| From what I was able to read previously, it has no ability to
| spread by itself and has to be installed by a targeted attack.
| There is also a tool from Amnesty International that can detect
| it (or was able to): https://github.com/mvt-project/mvt
|
| It is a race though, so past info may no longer be valid.
| However, I doubt it will ever be able to spread by itself,
| since it uses very expensive zero days to infect and they will
| be quickly fixed after detection.
| egonschiele wrote:
| You also need to jailbreak your phone to use MVT.
| KomoD wrote:
| No you don't _need_ to, you _can_
| rnk wrote:
| Apple should use financial means to destroy these companies.
| Working at these companies should be a black mark on the records
| of the employees. I won't hire someone who worked at one of these
| companies. I know probably my own government tries to hack into
| people's phones, I don't want that either; my govt should not be
| selling their capabilities to other governments. If we make
| working at these companies something terrible on someone's jobs
| record, we might prevent people from going there.
|
| Companies that do these kinds of things are a menace to society,
| because those tools get used for evil purposes (not just spying
| on terrorists). Plenty of other governments benefit from using
| these spy tools themselves, but we all know they fall into the
| hands of despotic governments like Saudi Arabia and they are used
| to harass and attempt to control journalists, people advocating
| against their governments.
|
| What I'd like to see is Apple uses their enormous influence and
| financial power to sue these companies and drive them out of
| business. They should financially attack the companies doing this
| and make it known they will work to destroy them.
| Dah00n wrote:
| Sure. Same logic fits anyone working for anything Snowden
| revealed too. Previous work at USG/NSO/other places as bad?
| "Sorry, we don't see you as a good fit in our company".
| jonfw wrote:
| How would Apple suing the NSO work? They're based out of
| Israel. I wouldn't imagine Israeli courts are going to let an
| American megacorp take down one of their biggest industries
| Dah00n wrote:
| Suing across borders is not a problem at all. It is only an
| issue if you want to sue someone protected by the state. So,
| well, yes, in this case it would be allowed as much as if NSO
| tried the same to a US company.
| zozbot234 wrote:
| > not just spying on terrorists
|
| Ah, but what about spying on "Nazis" and "foreign influence
| organizations"? What's good for the goose is good for the
| gander.
| voldacar wrote:
| If I were apple I would seriously consider hiring hitmen or at
| the very least PIs to surveil everyone who works at these
| companies
| rnk wrote:
| No, that's not helpful. No one should suggest personal harm.
| tonyarkles wrote:
| If I understand correctly, NSO is primarily staffed with
| retired or current Mossad/Israeli Sigint folks. Have fun!
| miohtama wrote:
| NSO Group: We only work with legitimate governments for lawful
| purposes.
|
| Israel: NSO does not pose a problem, because they work only for
| lawful purposes.
| GoblinSlayer wrote:
| AFAIK the wording is "vetted customers".
| stef25 wrote:
| It's even better - "journalists getting killed is horrible but
| it's due to a lack of regulations. Someone has to do the dirty
| work" - NSO.
| egonschiele wrote:
| I read that if Pegasus is on your phone, even a factory reset
| will not get rid of it. Could someone explain why?
| sleepybrett wrote:
| Here is a very technical breakdown of the malware:
| https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegas...
| zozbot234 wrote:
| If you're being targeted with anything like Pegasus (i.e. a
| state sponsored attack), you should definitely assume that even
| a factory reset will not fix the issue. It's more about "better
| safe than sorry" than anything that can be said with certainty,
| since these attacks may evolve over time.
| runjake wrote:
| I am not an expert, but my belief is that Pegasus does not
| maintain persistence.
|
| While the Wikipedia article claims Pegasus "jailbreaks" the
| iPhone to maintain persistence, every technical article I've
| read says that a reboot clears Pegasus (albeit, it is easy to
| re-infect with a no-click exploit without the user's
| knowledge).
|
| Hopefully, someone more knowledgeable can chime in with
| citations.
| [deleted]
| negus wrote:
| Haven't read about Pegasus, but what you describe is the
| behavior of bootkits. Factory reset does not imply that you
| erase 100% of your permanent storage: some part of it should
| contain the system programs to restore the system. If these
| system programs or the clean OS image are modified, then
| factory reset won't help
| scintill76 wrote:
| I don't know about the original claim either way, but I would
| be even more impressed and scared if it survived an iTunes
| restore (basically a PC reflashes the iPhone's OS image with
| an image downloaded from Apple.)
| negus wrote:
| If the malware controls the bootloader nothing will help:
| it can imitate any kind of restore, modifying the OS image
| on the fly
| heywhatupboys wrote:
| everything is signed.
|
| should not be even remotely possible
| negus wrote:
| Should. But we are talking about software vulnerabilities
| here. It means that things do not work as intended.
| scintill76 wrote:
| Apple has firmware restore features in ROM. I would also
| assume (hope?) that there's a procedure to enter the ROM-
| based restore that is impossible to intercept in software
| (maybe holding the power button for 10 seconds initiates
| a hardware reset into the ROM.)
| Moldoteck wrote:
| Interesting what is the zero-day % for ubuntu touch system that
| can run on fairphones. Would using it reduce the chances of being
| hacked?
| jeejay wrote:
| Hacking of Fairphones would be highly unlikely simply because it
| is not profitable to sell these hacks.
| tevon wrote:
| Do we know if the phone was in lockdown mode? Anyone know how
| effective lockdown mode is in preventing most of these zero-days?
| fh9302 wrote:
| The phone was not in lockdown mode as it would have prevented
| the attack.
|
| https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zer...
|
| > We believe, and Apple's Security Engineering and Architecture
| team has confirmed to us, that Lockdown Mode blocks this
| particular attack.
|
| https://citizenlab.ca/2023/04/nso-groups-pegasus-spyware-ret...
|
| > For a brief period, targets that had enabled iOS 16's
| Lockdown Mode feature received real-time warnings when
| PWNYOURHOME exploitation was attempted against their devices.
| Although NSO Group may have later devised a workaround for this
| real-time warning, we have not seen PWNYOURHOME successfully
| used against any devices on which Lockdown Mode is enabled.
| pvg wrote:
| These are about different incidents though, right? Is there
| some other confirmation lockdown mode would have been
| effective in this case as well?
| fh9302 wrote:
| It's the same vulnerability as in the article, PWNYOURHOME
| would have been avoided with lockdown mode.
|
| > Researchers believe Timchenko's hackers used the so-
| called "PWNYOURHOME" vulnerability
| pvg wrote:
| Ah I see, thanks! Managed to miss it while ⌘-F'ing
| through the article for 'Citizen Lab'.
| logN_2 wrote:
| [dead]
| vonnik wrote:
| Daily reader of Meduza here. They publish consistent and high
| quality coverage both about headline events in the war as well as
| odd ramifications of it in Russia and Ukraine. And it doesn't
| have the annoying US-centrism of Ukraine coverage that you get
| elsewhere.
| justsomehnguy wrote:
| > and high quality
|
| Nope.
|
| There were enough articles with outright lies to never believe
| anything from them until proven by numerous other,
| _independent_ sources.
| mc32 wrote:
| CNN and Fox also publish proven lies or reframe things. Do we
| not believe anything they say as well?
| edgyquant wrote:
| I assume this is a joke? These are two news companies
| famous for people not believing anything they say.
| berdario wrote:
| I believe they are famous for not being believed by the
| other side's partisans.
|
| I.e. US republicans most often won't believe CNN and US
| democrats most often won't believe Fox.
|
| The point here is, there are plenty of topics on which
| CNN and Fox coverage is very very similar: off the top of
| my head events in Israel and Taiwan
|
| And on those topics, plenty of people just "trust the
| consensus" (or what appears to be the consensus, in
| western media)
|
| https://www.peoplesworld.org/article/out-of-bounds-how-media...
| rhamzeh wrote:
| Non-Americans should not, and usually do not believe
| either. It's funny when Republicans/Democrats treat
| either as reputable.
|
| They're politicking 101 made into 24/7 news media panic.
|
| They're both charlatans and peddlers of lies and cheap
| tricks; they engage in propaganda and employ journalists
| who seem to believe that they're anything other than foot
| soldiers to stir up the masses against XYZ*.
|
| Everyone knows Fox News is trash, it's laughable when
| some continue to argue that CNN isn't.
|
| * Where XYZ can be anything, depending on which way the
| wind is blowing, sometimes it's each other, sometimes
| it's internal to the US, sometimes it's external
| hkpack wrote:
| Of course. Why would you read any source which was caught
| lying?
| blackmesaind wrote:
| Pointing the finger at another is often not a very
| compelling argument.
| mc32 wrote:
| What I'm saying is that there are very few sources that
| don't publish lies or have bents, so we have to do with
| what we have. Use many sources and triangulate. Some
| sources are more believable in some areas, less
| believable in other areas. Some contributors are more
| believable/truthful than others. It's not all on or off.
| ponkipo wrote:
| "90% of Meduza's sources' predictions didn't come true".
| Source: https://www.proekt.media/guide/kremlin-telegram-meduza
| (it's in Russian, info is at the end of the article).
| pvg wrote:
| That doesn't say much about the quality of Meduza's
| journalism. Most Kremlinology ends up being wrong.
| throwaway290 wrote:
| Examples of lies they published that were known lies before
| they published them?
| 5e92cb50239222b wrote:
| This can be applied to literally anybody. I've been reading
| them for many years (since their editor and most of their
| journalists were at lenta.ru -- which they were thrown out of
| in ~2015 for daring to criticize the annexation of Crimea).
| They are not angels, but they have always at least _tried_ to
| remain impartial and use relatively reliable sources of
| information. Many (most?) news outlets don't even try.
| thriftwy wrote:
| This is the actual reason why people treat Meduza as parent
| poster does.
|
| The job of a news source is not to criticize, or not
| criticize, the annexation of Crimea. They're not a
| political party. Nobody but their mom really wants to know
| their private opinion.
|
| The job of a news source is to provide news. All the news
| and articles Meduza produces follow the same pattern,
| where they would arrive at a predetermined conclusion
| regardless of the facts they are discussing, and the train
| of thought would go from A to B in a reasonably short
| route. If it's hard to derive the conclusion from some
| facts, they will be skipping reporting these where
| possible. If it's very convenient to derive the conclusion
| for unproven facts, they will be using these eagerly.
|
| Propaganda is annoying to read, especially if you know you
| will disagree with their conclusion, which you obviously
| know in advance.
| OfSanguineFire wrote:
| In many (most?) developed countries, major media sources
| like newspapers and TV channels are each aligned with a
| specific political party or a specific political wing.
| So, their reportage is done through that political lens,
| and people have historically bought that newspaper
| because they want issues reported through that lens. It
| is mainly in American fora where people have this belief
| that news sources should be neutral.
| Dah00n wrote:
| >It is mainly in American fora where people have this
| belief that news sources should be neutral.
|
| Which is kind of hilarious as US news sources are far
| less neutral than most of those politically colored
| newspapers!
| asveikau wrote:
| Imagine that same statement but with another country in
| there, another country that is obviously an aggressor.
|
| "It's not their job to have an opinion on the Nazi
| annexation of the Sudetenland, since they are not a
| political party, nobody but their mother cares if they
| think it is wrong."
| thriftwy wrote:
| Nazi annexation of the Sudetenland objectively happened,
| and was not undone until the very end of Nazi regime.
|
| Not everybody wants to read how mr. Hanz from "Der
| Jellyfisch" thinks that the annexation of
| Sudetenland is wrong, day after day for a decade. We've
| got that already from you being in Switzerland, mr. Hanz.
| inopinatus wrote:
| On the contrary, it _must_ be repeated, when an
| authoritarian regime conducting a murderous war of
| conquest of their neighbours promulgates their twisted
| justifications very loudly, and have entire state bodies
| devoted to manipulating the press, promoting a message
| that if left unopposed will become the prevailing
| narrative, as it has in their home nation.
|
| Head-in-the-sand bullshit neutrality is why Switzerland
| is a moral toilet. Demanding that journalists be
| "neutral" is a sliproad to manipulation. These are
| nothing more than an abandonment of principles.
|
| The public in functioning democracies is most definitely
| interested in reading opinionated editorial. Representing
| otherwise is downright obnoxious.
| thriftwy wrote:
| People will stop listening real soon.
|
| You will keep the audience who already agree with you,
| and often bet on that agreement (for example, by fleeing
| the country). You will, however, lose the rest of your
| potential audience by repeating your opinion over and
| over again. Since they know your position, they do not
| share it, and they no longer need that information.
|
| Especially as you cannot answer any hard questions about
| your position, and you could not answer even if you
| didn't. As a journalist, you cannot really suggest any
| solutions, since you are not a politician. You can only
| whine. That gets old pretty fast.
| inopinatus wrote:
| Straight from the authoritarian playbook:
|
| - promote the idea of a ruling class separate from the
| people
|
| - journalists that publish uncomfortable truths are
| "whining"
|
| - just give up because no-one is listening
|
| These are neo-Tsarist civics. As before, they form
| conditions for decay and conflict.
|
| In reality, people have never stopped listening, and
| never will. They may stop hearing - when voices are
| intentionally silenced. It follows that a critical and
| editorial press is the hallmark of democracy.
| thriftwy wrote:
| Russia is an authoritarian state. "Hallmarks of
| democracy" do not work here and likely never did.
|
| Meduza and their ilk publish the same uncomfortable
| truth tailored at comparatively small demographics. They
| fail to deliver their message to a wider audience because
| they don't understand it, have no message for it and
| perhaps don't really want to talk to it. That's what I
| was explaining. The only thing I'm seriously criticizing
| Meduza here is for their failure as journalists to get
| better coverage of their ideas. Part of which, their
| ideas aren't great.
| Dah00n wrote:
| >when an authoritarian regime
|
| Why more so than when the US destroys Afghanistan or some
| other place? What makes it worse and more worthy of being
| repeated because of authoritarianism?
| justsomehnguy wrote:
| > another country that is obviously an aggressor.
|
| If you are not an American then it's quite obvious who is
| an aggressor in many, many invasions through the 20th
| (and now even 21st) century.
|
| Care to imagine that same statement but with US?
| asveikau wrote:
| What I said has nothing to do with the US. Do you think
| that if the US is wrong in a bunch of unrelated matters,
| it makes Russia's actions ok?
| inopinatus wrote:
| These sentiments are insidious: they are what repressive
| regimes want the populace to believe.
|
| -> restricting what journalists may write
|
| -> claiming the public has no interest in editorial
| opinion
|
| -> labeling dissent as propaganda
|
| The remark above is all three.
| 5e92cb50239222b wrote:
| Yes, and I should write bug-free code, and doctors should
| never make mistakes. If you have any examples of a
| completely neutral news outlet that never made any
| blunders, I'd be _very interested_ to know about and
| follow them. Until then, I see no point in comparing
| anyone against an unattainable ideal which can only exist
| in one's imagination. I try to correct for their biases
| by reading Kremlin propaganda (and US, and Chinese, and
| some others) and comparing what they are saying. Know of
| any better ways?
| thriftwy wrote:
| It is the century XXI, and the mainstream way seems to be
| subscribing to Telegram channels whose vibe resonates
| with you.
|
| Yes, you will be living in a tiny bubble. But at least
| you do not get to read propaganda pieces trying to derive
| prefabricated conclusions out of irrelevant small events.
| If anything large happens, you are going to hear of it
| earlier or later.
|
| If you really want balanced coverage, choose a source
| from the other side which is so blatantly propagandist
| that you can have good laughs instead of grinding your
| teeth. I am reading The Guardian for that purpose.
|
| Perhaps there are better ways to consume your news, but I
| don't know these.
| MockObject wrote:
| >> I try to correct for their biases by reading Kremlin
| propaganda (and US, and Chinese, and some others) and
| comparing what they are saying.
|
| > Yes, you are living in a tiny bubble.
|
| How is that a tiny bubble?
| PawgerZ wrote:
| I think you misread their comment. If you didn't realize,
| you also misquoted their comment (unless it was edited).
|
| > It is the century XXI, and the mainstream way seems to
| be subscribing to Telegram channels whose vibe resonates
| with you. Yes, you _will be_ living in a tiny bubble.
|
| I believe they mean "the mainstream way" puts you into a
| tiny bubble, but they go on to say:
|
| > But at least you do not get to read propaganda pieces
| trying to derive prefabricated conclusions out of
| irrelevant small events. If anything large happens, you
| are going to hear of it earlier or later.
|
| Thus, I believe they were advocating for a tiny bubble --
| not accusing the previous commenter of being in a tiny
| bubble.
| GoblinSlayer wrote:
| The amount of junk isn't boolean, it matters how much you
| have to filter. If you can find news with less junk, you
| can filter them with less effort. And big news are
| reported by everyone so you can't miss them.
| Dah00n wrote:
| Not a single news source in the history of mankind lives
| up to your description.
| esqbuckmulligan wrote:
| [flagged]
| ponkipo wrote:
| Well, yes and no, even people who are strongly anti-Russian-
| regime-oriented told me that they stopped reading Meduza
| because it's giving info which is extremely one sided and not
| objective, like it's propaganda but opposite to a Russian-state
| one
| jononomo wrote:
| The entire situation is extremely one sided -- I would be
| highly skeptical of any source that does not paint Russia and
| Putin in a terrible light.
| pphysch wrote:
| Depends on who you ask. Most of the world (i.e. outside the
| 15% of the population that is Western) views it as a
| nuanced situation with guilt on both sides. The hardliners
| are a global minority.
|
| e.g. while Russia is responsible for invading, Victoria
| Nuland was caught red-handed orchestrating the Ukrainian
| coup/government that precipitated it.
|
| Even Israel has more moderate/complicated views of it. On
| one hand they benefit from a strong West, on the other hand
| they possibly suffer from this particular proxy war (as it
| pulls Western resources & attention away from MENA into
| Europe). See Naftali Bennett's "tell-all" several months
| ago.
| dr_hooo wrote:
| Could you provide some information on the Victoria
| Nuland thing?
| somenameforme wrote:
| During the leadup to the coup in Ukraine in 2014, she and
| McCain were literally on the ground in Ukraine actively
| agitating protesters encouraging them to overthrow their
| government. This [1] is a speech from McCain, _in Kyiv,
| Ukraine_, in late 2013. To understand how screwed up
| this is you really have to try to put yourself in the
| situation.
|
| Imagine the US was a relatively weak nation, and during
| the leadup to the mass protests comes riots around
| January 6th, in DC, you had leading politicians from
| China or Russia giving speeches in DC: "Russia is with
| you. China is with you! The destiny you seek lies in
| China!" Think about the impact this is going to have on
| people dissatisfied with their government. It's not only
| going to work as a catalyst towards radicalism for the
| existing protesters, but also draw out others who might
| otherwise not have been interested because 'This could
| really be it!'
|
| [1] - https://www.youtube.com/watch?v=93eyhO8VTdg
| astrange wrote:
| Ukraine has had multiple elections since Euromaidan, and
| Zelensky was supposed to have been the pro-Russia
| candidate.
| oytis wrote:
| Most of the world's population also doesn't live in
| liberal democracies with free press and believes all
| kinds of conspiracy theories.
| Dah00n wrote:
| Most of the world's population that do live in liberal
| democracies with free press also believes all kinds of
| conspiracy theories. I doubt you could find a single
| trustworthy source that could prove any significant
| difference between the two.
| vonnik wrote:
| > e.g. while Russia is responsible for invading, Victoria
| Nuland was caught red-handed orchestrating the Ukrainian
| coup/government that precipitated it.
|
| The claim of "orchestrating a coup" is unsupported by
| evidence, and any both-sidesism does not do justice to
| the fact that:
|
| a) Ukraine has the right to elect whomever they want to
| govern their country, despite Russia's preferences to
| create vassals of its neighbor states
|
| b) Russia has twice invaded Ukraine (as well as other
| neighbors like Georgia) and thus directly caused hundreds
| of thousands of deaths on both sides
|
| Between Ukraine and Russia, only one of them is illegally
| occupying the territory of the other, only one of them is
| operating torture chambers in the territory of the other,
| and only one of them has kidnapped more than a million
| children from the territory of the other. There is no
| both sides between Russia and Ukraine in terms of guilt.
|
| https://www.hrw.org/news/2022/04/03/ukraine-apparent-war-cri...
|
| https://www.ohchr.org/en/press-releases/2023/03/war-crimes-i...
|
| Israel is doing a great deal to support Ukraine with
| humanitarian and non-lethal military aid (like helmets)
| because Iran is on the other side, although you are
| correct to note that the situation is complicated,
| largely because of Russia's support for a bloody regime in
| Syria.
|
| https://kyivindependent.com/on-support-for-ukraine-israel-pe...
|
| People focused on US actions during the Yanukovych years
| seem to believe that he himself was legitimate, when
| there is much evidence that he was corrupt, anti-
| democratic and supported by Russia:
|
| https://en.wikipedia.org/wiki/Viktor_Yanukovych
|
| https://www.opendemocracy.net/en/odr/yanukovych-luxury-resid...
|
| As for the 15% claim, I would add that a large part of
| that 15% supporting Ukraine includes countries that share
| a border with Russia or its vassals, including eastern EU
| and NATO states, as well as Japan and S. Korea. Those
| countries have the most skin in the game, and their
| position and actions in this conflict should be given
| much greater weight than the rest of the world. It's not
| a coincidence that they want Russia's wars of expansion
| to stop in Donbass.
|
| Ask Finland, Poland, Romania, or any of the Baltic states
| about who they want to win in Ukraine and you will get a
| very clear answer. Their populations have all been under
| the Kremlin's yoke or fought a war against Moscow in
| living memory.
| archagon wrote:
| You are just making up numbers.
| somenameforme wrote:
| The anglosphere (US/UK/Australia/New Zealand/Canada) + EU
| is 470 million + 448 million respectively. That's the
| entirety of the Western world, and less than 12% of the
| world's population. One of JFK's greatest speeches [1]
| hit on this point:
|
| "We must face the fact that the United States is neither
| omnipotent nor omniscient that we are only six percent
| [4% now] of the world's population, and that we cannot
| impose our will upon the other 94 percent of mankind that
| we cannot right every wrong or reverse each adversity and
| that therefore there cannot be an American solution to
| every world problem."
|
| The sort of wisdom and pragmatism completely absent from
| politicians since JFK.
|
| [1] - https://www.youtube.com/watch?v=vc0WrPGvWOM
| archagon wrote:
| Just because the government of a country considers it
| politically expedient to treat the situation as morally
| grey does not mean the population uniformly shares the
| same opinion.
| somenameforme wrote:
| Vis a vis, just because the government of a country
| considers it politically expedient to treat the situation
| as the embodiment of Good vs Evil, does not mean the
| population uniformly shares the same opinion. In fact, I
| think this is the case nowhere in the world, including
| Russia and Ukraine.
| archagon wrote:
| Regardless, this...
|
| > _Most of the world (i.e. outside the 15% of the
| population that is Western) views it as a nuanced
| situation with guilt on both sides._
|
| ...is a statement that cannot be supported by any known
| facts. It is a falsehood (if not an outright lie) used to
| bolster a tenuous argument.
| somenameforme wrote:
| Well I mean you can look at what polls do exist, and it's
| not ambiguous. But I'd also appeal to a logical aspect
| here. Homogeneous dogmatic thinking, at scale, is not
| natural - and arguably doesn't exist. Instead it's
| primarily a product of propaganda and efforts to drive
| people to self-censor.
|
| Both of these are absolutely rampant in the West at the
| moment, but not so much in most of the rest of the world
| (at least not on this topic). People, left to their own
| devices, are generally pretty awesome. It's only when you
| introduce self righteousness and propaganda that we turn
| into unthinking animals. It's no coincidence that self
| righteousness and propaganda go hand in hand with war.
| archagon wrote:
| I'd argue the opposite. Some things, in the moment, are
| really quite morally obvious -- and then propaganda
| starts doing its work to make them seem more ambiguous
| than they actually are.
|
| > _Both of these are absolutely rampant in the West at
| the moment, but not so much in most of the rest of the
| world._
|
| You think propaganda-driven homogeneous dogmatic thinking
| doesn't exist in China and India...?!
| somenameforme wrote:
| Can you offer any examples? In general, I think you'll
| immediately run into a relativism problem. What is moral
| for one person is amoral for another. This is one of the
| main reasons I think it's safe to say that dogmatic
| thinking at scale is so unnatural.
|
| As for my comment, I was obviously just referring to this
| topic.
| timeon wrote:
| > with guilt on both sides.
|
| That is kind of crazy if you take into consideration that
| one side invaded the other.
| nabakin wrote:
| > while Russia is responsible for invading, Victoria
| Nuland was caught red-handed orchestrating the Ukrainian
| coup/government that precipitated it
|
| Fyi the leaked Nuland call (which I assume is what you're
| referring to), is of her discussing who they should
| support after the massive protests started and Yanukovych
| and his ministers left the country. She did not
| "orchestrate a coup". At most, it's the US trying to get
| Ukrainian parliament to pick the interim candidate they
| want, which, while still manipulative, is far from
| "orchestrating a coup".
| Dah00n wrote:
| > I would be highly skeptical of any source that does not
| paint Russia and Putin in a terrible light.
|
| So basically you picked a side and trust only what news
| agree with your beliefs?
| The_Colonel wrote:
| In terms of guilt sure, but you still want to read unbiased
| journalism about events etc.
| jononomo wrote:
| My point is that unbiased journalism regarding the
| Ukraine war is going to look extremely one-sided.
| Dah00n wrote:
| How so? Seems you are biased to one side and see
| everything not agreeing with this bias as one-sided.
| 2OEH8eoCRo0 wrote:
| There is no free press in Russia:
|
| https://www.pbs.org/video/putin-vs-the-press-aiw7f0/
| The_Colonel wrote:
| Meduza is based in Riga, Latvia.
| 2OEH8eoCRo0 wrote:
| My point was it's tough to get objective news from a
| Russian source.
| ipaddr wrote:
| Most people are like this for many issues on either side.
| If your media outlet isn't pouring kool-aid over your
| personally held belief it's viewed as suspect. Meanwhile
| your mind quickly discounts obvious contradictions to your
| held belief.
|
| Popular contradictions today: It's a human right to dress
| and act like any sex one chooses. It's evil and horrible to
| dress and act like a different race.
|
| Global warming is the biggest threat to mankind. Coming
| into the office is more important.
|
| Flying around the globe is to talk down to others who are
| doing more about global warming earns praise.
| oytis wrote:
| They might not be as anti-regime as they like to think. Apart
| from Meduza, I also read mainstream UK, US, German and
| Ukrainian media, and Meduza doesn't seem to be more biased
| than either of those. Their predictions of regime's
| difficulties seem to be exaggerated (compared to what seems
| to be happening in reality), but so are predictions of
| Western media.
| [deleted]
| [deleted]
| MichaelMoser123 wrote:
| i wonder how they manage to get funding, they are calling for
| donations, but i am not sure that incoming donations are enough
| to keep going.
|
| also they got completely outlawed by the Russian regime, so
| they can't possibly get any advertising from Russian firms.
| wordsarelies wrote:
| Haas is still selling parts to Russia for their CNC mills even
| though they're sanctioned. They do it by selling to a Chinese
| middleman.
|
| NSO Group probably uses an Indian intermediary (my first guess)
| and does the same thing.
| [deleted]
| wewxjfq wrote:
| What makes you think they care? They don't sell their spyware
| to anyone who might use it against Russian officials, which
| tells you a lot.
| [deleted]
| baybal2 wrote:
| [flagged]
| negus wrote:
| Can you show some evidence?
| mschuster91 wrote:
| The non-reaction to the invasion of Crimea and Donbas in
| 2014, the non-reaction to breaking numerous "red lines" in
| Syria or our (=German) continued support for Nord Stream is
| evidence enough.
| ImPostingOnHN wrote:
| there are ~ 190+ countries, each of which is guilty of this
| "non-reaction" you speak of
|
| russia, of course, is more guilty than all these other
| countries, because not only are they guilty of the same
| "non-reaction", but they are guilty of the initial action,
| too!
| mschuster91 wrote:
| > there are ~ 190+ countries, each of which is guilty of
| this "non-reaction" you speak of
|
| While I agree with you, most of the blame lies on us
| Europeans here. We _knew_ what a continuation of this war
| and the constant erosion of basic rules of war would
| cause (most importantly, a ton of refugees), and yet we
| did nothing despite us being in a position to help from a
| military perspective in contrast to most Global South
| countries. We just let Assad and Russia bomb their own
| people with chemical weapons and barrel bombs.
|
| We stuck our heads into the desert sand and hoped the
| storm would pass, and then we had the audacity of letting
| tens of thousands of people drown in the Mediterranean or
| on the Turkey-Greece route.
| ImPostingOnHN wrote:
| everything you say is true of all 190+ countries: they
| all knew what a continuation of russia's genocide of
| Ukraine would cause, and yet each one did nothing despite
| being capable of sending at least minimal aid to Ukraine,
| or publicly voicing opposition to russia's genocide of
| Ukraine
|
| so, again, each of those countries (russia alone more
| than any other) is equally guilty, be they China, USA,
| Iran, Canada, North Korea, etc: none had any
| responsibility to intervene more or less than the others,
| and EU receives no special blame for russia's genocide of
| Ukraine
|
| or, more to the point, they are all equally innocent,
| except for the aggressor, russia, who started the
| genocide of Ukraine in the first place
|
| tl;dr russia is to blame
| mcpackieh wrote:
| > _Western states were aiding and abetting Putin's regime up
| until last years._
|
| > _until last years._
|
| Very strange phrasing, that's not idiomatic English. How many
| years? That should say something like _"until last year"_ or
| _"until X years ago"_ or _"until the last X years"_.
|
| What is the value of X?
|
| I might presume that you mean the last year, e.g. 2022, but
| there are some problems with that. You've claimed that western
| _states_ were assisting Russia, and cited the supposed actions
| of two American companies. But the American state itself is not
| those companies, and has been arming and training Ukraine to
| fight Russia since at least 2014.
| simpleuser27 wrote:
| When I read comments like this I always wonder what the purpose
| is - what exactly do you want a reader to come away with?
|
| Companies did bad things until they decided it was no longer to
| their advantage, and stopped?
|
| And if this is the case, what does it have to do with the
| article, or the blame owed to the actual, literal bad actor
| (Putin's Russia)?
| notarget137 wrote:
| Well, again as I stated previously - it is hypocritical and
| these companies and states should be held accountable. If
| someone feeds the soil for the next dictator to grow and then
| all of a sudden there is a political crisis involving said
| dictator aren't you directly responsible for such crisis?
| [deleted]
| hindsightbias wrote:
| As long as you hold everyone who voted for Gerhard Schroder
| too. Not like these policies came out of a vacuum.
| mcpackieh wrote:
| > _these companies and states should be held accountable._
|
| Hold the companies accountable... okay sure. I'll write
| some letters to my elected officials and federal
| prosecutors about holding Apple and Google accountable.
| Just one thing... which laws were they breaking? Or do you
| propose consumer boycotts of both Google and Apple? If your
| plan is for everybody to give up their smartphones, your
| plan is DOA.
|
| Hold the states accountable... What does it mean to hold a
| sovereign state accountable? Are you going to bend the US
| Government itself over your knee and spank it? I don't
| think so. What exactly do you mean by holding the state
| itself accountable?
| notarget137 wrote:
| They still do to some extent. Remember that gas heater you have
| has to have gas from somewhere. And that somewhere is Russia.
| If you consider recent rulings in Baltic states blocking
| vehicles, phones, laptops and et cetera from entering that is
| the highest display of hypocrisy. Oil is fine but people with
| phones are not.
| 5e92cb50239222b wrote:
| Yeah, the last couple of years were really eye-opening for
| credulous idiots like myself.
|
| https://en.wikipedia.org/wiki/Kaja_Kallas#Stark_Logistics_an...
| edgyquant wrote:
| I don't have a gas heater
| The_Colonel wrote:
| Why is it a hypocrisy?
| thriftwy wrote:
| [flagged]
| The_Colonel wrote:
| So US wants Assad, Kim Jong Un, Khamenei and Xi at the
| helm as well.
|
| That's illuminati-level ridiculous.
| denton-scratch wrote:
| I have no idea what US voters/leaders "want Russia to be".
|
| I don't believe EU voters/leaders wanted Putin's
| international military aggression. I believe they were
| cowards. They thought cheap Russian gas was the solution to
| their political (and perhaps personal) problems, and they set
| aside the potential consequences.
|
| German leaders, in particular, welcomed "trade" with Russia
| on the basis that if they could entangle Russia in enough
| mutually-beneficial trading relationships, Russia would never
| attack Europe with military force. This is what's called
| Ostpolitik, and perhaps Realpolitik (i.e. "practical
| politics"). Nowadays it looks much more like "cynical
| politics"; make hay while the sun shines, and damn the
| consequences.
| vladms wrote:
| It is clear now that the objective of Ostpolitik was not
| achieved, but the simple alternative (don't trade) does not
| seem to be obviously better either (Russians would have had
| even less reasons not to invade more). If that Ostpolitik
| delayed the issues with Russia and gave Ukraine some more
| time, maybe it was the best of the bad options available.
| ImPostingOnHN wrote:
| this perspective requires believing that, if the US or EU
| didn't like putin, they could replace him
|
| such a belief is patently absurd
|
| the rest of the theory is obviously bunk since it relies upon
| the above absurd belief
| richardanaya wrote:
| Was anyone else amused by the mythological significance? In Greek
| mythos, Pegasus spawned out of the blood of Medusa.
| game_the0ry wrote:
| Let's assume I am a savvy career criminal (I am not...promise).
| What would I want to use for counter-surveillance? I would
| probably go:
|
| - For desktop - Tails OS booted from USB + TOR for browser
|
| - For mobile - GrapheneOS on latest Pixel device
| [deleted]
| zozbot234 wrote:
| This will provide decent privacy for most people against casual
| mass-surveillance. But you should _not_ assume that it's
| anything like sufficient protection against these kinds of
| state-sponsored attacks.
| game_the0ry wrote:
| Assume nothing electronic/digital is safe? That's my
| take-away.
| Cyphase wrote:
| Nothing non-electronic/non-digital is safe either. They
| just have different tradeoffs.
| Un1corn wrote:
| This is absolutely not enough against targeted attacks. It will
| be harder to detect you but once they do, Firefox (which Tor is
| based on) is a lot more vulnerable than Chrome. Same for
| Android, the locked bootloader and such can be helpful in this
| situation.
___________________________________________________________________
(page generated 2023-09-13 23:01 UTC)